Reprint Address: http://www.jianshu.com/p/4b6b04244773
At present, most apps support persistent login: after the user logs in once, the login state is kept for a period of time, or indefinitely, unless the user actively logs off, clears the app's cached data, or uninstalls the app. In general, there are the following three ways to implement this:
Using a token
After the app login succeeds, the server generates a token in some way, for example by randomly generating an n-bit string, sets an expiration date for it, stores it on the server, and returns the token to the app.
Every subsequent request the app sends must carry this token. Each time the server receives a request, it must verify the token and its validity period. If the token value matches and is still within the validity period, the server returns the desired result; otherwise it returns an error message and prompts the user to sign in again.
(This method is currently the most widely used.)
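The token flow described above (issue on login, check the value and the validity period on every request), as an added example that is not code from the original article. The in-memory dictionary standing in for server storage, the 30-day lifetime, the choice to store only a SHA-256 digest of each token, and the names `TokenStore`, `issue`, `verify` and `revoke` are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_BYTES = 32                     # assumption: 256 bits from the OS CSPRNG
TOKEN_TTL_SECONDS = 30 * 24 * 3600   # assumption: 30-day validity period


class TokenStore:
    """In-memory stand-in for the server-side token table (hypothetical)."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock          # injectable so expiry can be tested
        self._records = {}           # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Store only a hash, so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Called after a successful login; the return value goes to the app."""
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self._records[self._digest(token)] = (user_id, self._clock() + self._ttl)
        return token

    def verify(self, token):
        """Return the user_id for a valid, unexpired token, else None."""
        if not isinstance(token, str) or not token:
            return None
        key = self._digest(token)
        record = self._records.get(key)
        if record is None:
            return None              # unknown token: caller asks for re-login
        user_id, expires_at = record
        if self._clock() >= expires_at:
            del self._records[key]   # expired: purge and force re-login
            return None
        return user_id

    def revoke(self, token):
        """Called on logout so the token stops working immediately."""
        self._records.pop(self._digest(token), None)
```

A request handler would call `verify` with the token taken from the request and return the "sign in again" error whenever it gets `None`.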
Using cookies
After the app login succeeds, the server creates a cookie containing two attribute values, session_id and expires, stores it on the server, and sends it to the app.
Every subsequent request the app sends must carry the cookie containing this session_id. Each time the server receives a request, it must verify the session_id and its validity period. If the session_id value matches and is still within the validity period, the server returns the desired result; otherwise it returns an error message and prompts the user to log on again.
(This approach is similar to the way a browser is authenticated.)
Using the user name and password
After the app login is successful, the app sends the user name and password to the server every time it sends a request, and the server verifies the user name and password each time it receives a request. If the user has not logged in or has logged off, the user name and password are not sent to the server with the request.