The scenario is: using PHP to write the backend interface for Android and iOS (an e-commerce platform app).
What do you do about the cookies and sessions used on the original web?
It seems the interface can also use the session, but =.= I asked our iOS developer and he said he doesn't use cookies or anything. Orz
I don't know if there's a better way to do it in the app.
Should the app post the user data when it requests the interface? Is there anything wrong with that in terms of security?
Reply content:
Stay logged in with session:
After the app logs in (by directly verifying the password or through third-party login), the server generates a random token string for that user, which is saved in a user data table and in the session. Then, wherever login permission is needed, have the app send this token in the header of every HTTP request; the server takes the token in the session and checks it against the one received, which is equivalent to checking the login status.
Your client may be using OAuth 2.0.
Encrypted user session data is passed via POST; if conditions allow, use HTTPS.
http://www.toozy.cn/api-authorization/
The implementation is the same as the browser cookie mechanism: for example, the client saves the server's Set-Cookie locally and then sends the previously set cookies with each request, which is equivalent to the Android developer manually implementing the browser cookie mechanism. The session_id is stored in a cookie in the same way.
Signed, encrypted transport: public key transfer, private key encryption.
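The token scheme from the "Stay logged in with session" reply above, as an added example that is not code from any of the posters. Assumptions: the in-memory array stands in for the user table, the token travels in an `Authorization: Bearer` header, the 7-day lifetime is arbitrary, and storing only the SHA-256 of the token (rather than the token itself) is a hardening choice added here.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the user table's token column: token hash => row.
$tokenStore = [];

const TOKEN_TTL = 7 * 24 * 3600; // assumed lifetime, not from the thread

// Called once, after the password or third-party login has succeeded.
function issueToken(array &$store, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32));        // 256 bits from the CSPRNG
    $store[hash('sha256', $token)] = [         // a leaked table yields no usable tokens
        'user_id' => $userId,
        'expires' => $now + TOKEN_TTL,
    ];
    return $token;                             // returned to the app over HTTPS
}

// Called on every request that needs login. Returns the user id or null.
function authenticate(array $store, array $headers, int $now): ?int
{
    $value = $headers['Authorization'] ?? '';
    if (!preg_match('/^Bearer ([0-9a-f]{64})$/', $value, $m)) {
        return null;                           // header missing or malformed
    }
    $row = $store[hash('sha256', $m[1])] ?? null;
    if ($row === null || $row['expires'] < $now) {
        return null;                           // unknown or expired token
    }
    return $row['user_id'];
}

// Logout: the token stops working immediately.
function revokeToken(array &$store, string $token): void
{
    unset($store[hash('sha256', $token)]);
}

// Constructed walk-through: valid call, forged token, expired token, after logout.
$now   = time();
$token = issueToken($tokenStore, 42, $now);
$forged = 'Bearer ' . str_repeat('0', 64);
var_dump(authenticate($tokenStore, ['Authorization' => "Bearer $token"], $now));
var_dump(authenticate($tokenStore, ['Authorization' => $forged], $now));
var_dump(authenticate($tokenStore, ['Authorization' => "Bearer $token"], $now + TOKEN_TTL + 1));
revokeToken($tokenStore, $token);
var_dump(authenticate($tokenStore, ['Authorization' => "Bearer $token"], $now));
```

Only the first call returns the user id; the other three return null. In a real deployment the header array comes from the request and the store is the database table.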