How Android uses token to maintain login status

What is token

Token (token) is a string of unique strings, typically generated by the server, returned to the client when the registration is complete, to identify the user, and the client stores the string locally. In the future network request, the client first query the local token, if there is a direct use of this token for network requests, no prompt is not logged in, go to the login registration interface.

In addition, the expiration discriminant mechanism can be added on the server or client side.

The role of token

Token can significantly reduce the service side of the user table query, while the user does not have to log on every time, improve the system usability and robustness.

Save tokens with Sharedpreferences

Get token and save

Networks.regpost (user, password, email, tel,NewObserver<user>() {@Override Public voidoncompleted () {} @Override Public voidOnError (Throwable e) {LOG.E ("loginactivity", E.getlocalizedmessage () +"--"+e.getmessage ()); } @Override Public voidonNext (user user) {if(User.getmmessage (). Equals ("Success") ) {MainActivity.instance.finish ();//End the original pageToast.maketext (Getapplicationcontext (),"Registration Successful", Toast.length_short). Show (); //token saved to localSharedpreferences sp = getsharedpreferences ("Logintoken",0); Sharedpreferences.editor Editor=Sp.edit (); Editor.putstring ("userId", User.getmuserid ()); Editor.putstring ("UserName", User.getmusername ()); Editor.putstring ("Phone", User.getmphone ()); Editor.putstring ("Email", User.getmemail ()); Editor.putstring ("Headimageurl", User.getmheadimageurl ());     Editor.commit (); Intent I=NewIntent (regactivity. This, Mainactivity.class);     StartActivity (i);    Finish (); }Else{Toast.maketext (Getapplicationcontext (),"Registration Failed"+user.getmmessage (), Toast.length_short). Show (); }   }  });

I am using the retrofit framework for network requests, the above is the function to implement the registration function, in the OnNext () function to get the results returned by the server, the framework automatically resolves the returned JSON data to the corresponding class object (that is, the user object above). Because the essence of token is the only string, the UserID satisfies this requirement because the UserID is generated and unique by the server and therefore uses the UserID as token.

Query local tokens before making a network request

For example, click on the side bar of the avatar, if not logged in you need to jump to the login interface, has logged into the personal information interface. At this point, you need to query the local token for identification.

Private voidInitData () {SP= Getsharedpreferences ("Logintoken",0); Name= Sp.getstring ("userId",NULL); UserName= Sp.getstring ("UserName",NULL); Email= Sp.getstring ("Email",NULL); } @Override Public voidOnClick (view view) {Switch(View.getid ()) { CaseR.id.imageview:if(Name = =NULL) {Intent i=NewIntent (mainactivity. This, Loginactivity.class);    StartActivity (i); } Else{LOG.D ("User ID", name); Intent I=NewIntent (mainactivity. This, Personinfoactivity.class);    StartActivity (i); }     Break; } }

Note

In this case, I use the UserID as token, but it's not recommended, although it's simple. Because UserID obviously cannot determine whether or not to expire, if we need to implement token expiration of the discriminant, then you can use the UserID and date stitching way.

Also, for security reasons, do not generate tokens on the client.

How Android uses token to maintain login status