Reprint Address: http://www.jianshu.com/p/4b6b04244773
At present, most apps support persistent login: after a user logs in once, the user remains logged in, either for a period of time or indefinitely, unless the user actively logs out, clears the app's cached data, or uninstalls the app. In general, there are three ways of doing this:
Using a token
After the app logs in successfully, the server generates, by some method, a string of length N to serve as a token, sets an expiration date, stores the token on the server, and returns it to the app.
The app then sends the token with every subsequent request. Each time the server receives a request, it must verify the token and its validity period. If the token matches and is within the validity period, the server returns the requested result; otherwise it returns an error message and prompts the user to log in again.
(This is currently the most widely used approach.)
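The token flow described above, as an added example in Python (not code from the original article). The class and method names, the 32-byte token length, the 30-day validity period, and the choice to store only a SHA-256 digest of each token on the server are assumptions of this example.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 30 * 24 * 3600  # assumed validity period (30 days)


class TokenStore:
    """Server-side token table (hypothetical name; in-memory for the example)."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._tokens = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Assumption: keep only a digest, so a leaked table holds no usable tokens.
        return hashlib.sha256((token or "").encode()).hexdigest()

    def issue(self, user_id):
        """Called after a successful login; the return value goes to the app."""
        token = secrets.token_urlsafe(32)  # CSPRNG, 32 random bytes
        self._tokens[self._digest(token)] = (user_id, self._clock() + self._ttl)
        return token

    def verify(self, token):
        """Return the user id for a known, unexpired token, else None."""
        key = self._digest(token)
        record = self._tokens.get(key)
        if record is None:
            return None  # unknown token: the app must log in again
        user_id, expires_at = record
        if self._clock() >= expires_at:
            del self._tokens[key]  # expired: drop it and force a new login
            return None
        return user_id

    def revoke(self, token):
        """Logout: remove the token so it cannot be replayed."""
        self._tokens.pop(self._digest(token), None)


if __name__ == "__main__":
    store = TokenStore()
    t = store.issue("alice")  # constructed sample user
    print(store.verify(t), store.verify("not-a-token"))
```

The clock is injectable so that expiry can be exercised without waiting for the validity period to elapse.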
Using cookies
After the app logs in successfully, the server creates a cookie containing two attribute values, session_id and expires, stores it on the server, and sends it to the app.
The app then sends a cookie containing this session_id with every subsequent request. Each time the server receives a request, it verifies the session_id and its validity period. If the session_id matches and is within the validity period, the server returns the requested result; otherwise it returns an error message and prompts the user to log in again.
(This is similar to the way a browser authenticates.)
Using the user name and password
After the app logs in successfully, the app sends the user name and password to the server with every request, and the server verifies the user name and password each time it receives a request. If the user has not logged in or has logged out, the user name and password are not sent to the server when a request is made.
App Login Status maintained