Session persistence for android

In a recently written Android system, you need to request data from the web server. A login Activity will be sent to the MainActivity after logon. Both the logon and MainActivity need to request the jsonapi of php, so we have to keep the session in the network request for a long time. In fact, sesion is directly transmitted through a cookie named "sessionid" in the browser and web server, therefore, the web session can be used as long as the sessionid remains the same during each data request. In this way, the sessionid value is obtained and saved in a static variable during the first data request, then, when the second request is sent, the sessionid should be put together in the Cookie and sent to the server. The server uses this sessionid to identify whether the client is requesting data, in php, The sessionid is called PHPSESSID. Paste the following code Copy codeThe Code is as follows: import java. io. IOException;
Import java. io. UnsupportedEncodingException;
Import java. util. List;
Import org. apache. http. HttpEntity;
Import org. apache. http. HttpResponse;
Import org. apache. http. HttpStatus;
Import org. apache. http. NameValuePair;
Import org. apache. http. client. ClientProtocolException;
Import org. apache. http. client. CookieStore;
Import org. apache. http. client. entity. UrlEncodedFormEntity;
Import org. apache. http. client. methods. HttpPost;
Import org. apache. http. cookie. Cookie;
Import org. apache. http. impl. client. DefaultHttpClient;
Import org. apache. http. protocol. HTTP;
Import org. apache. http. util. EntityUtils;
Public class MyHttpClient implements InetConfig {
Private DefaultHttpClient httpClient;
Private HttpPost httpPost;
Private HttpEntity httpEntity;
Private HttpResponse httpResponse;
Public static String PHPSESSID = null;
Public LVHttpClient (){
}
Public String executeRequest (String path, List <NameValuePair> params ){
String ret = "none ";
Try {
This. httpPost = new HttpPost (BASEPATH + path );
HttpEntity = new UrlEncodedFormEntity (params, HTTP. UTF_8 );
HttpPost. setEntity (httpEntity );
// The first time is generally not assigned a value. If there is a value, send the SessionId to the server.
If (null! = PHPSESSID ){
HttpPost. setHeader ("Cookie", "PHPSESSID =" + PHPSESSID );
}
HttpClient = new DefaultHttpClient ();
} Catch (UnsupportedEncodingException e ){
E. printStackTrace ();
}
Try {
HttpResponse = httpClient.exe cute (httpPost );
If (httpResponse. getStatusLine (). getStatusCode () = HttpStatus. SC _ OK ){
HttpEntity entity = httpResponse. getEntity ();
Ret = EntityUtils. toString (entity );
CookieStore mCookieStore = httpClient. getCookieStore ();
List <Cookie> cookies = mCookieStore. getCookies ();
For (int I = 0; I <cookies. size (); I ++ ){
// Here, the value of the Cookie ['phpsessid '] is read in a static variable to ensure that the value is the same at a time.
If ("PHPSESSID". equals (cookies. get (I). getName ())){
PHPSESSID = cookies. get (I). getValue ();
Break;
}
}
}
} Catch (ClientProtocolException e ){
E. printStackTrace ();
} Catch (IOException e ){
E. printStackTrace ();
}
Return ret;
}
}

In fact, the web principles are the same. It is based on the http protocol. If the website does not use php, the Cookie called Sessionid may be called another one, and it is not PHPSESSID, it is called another name, which may need to be checked according to the specific situation.
In fact, it is not just an Android program. When other programs need to use this function, they only need to add the corresponding SessionId in the http request header. This method can help you understand sessionid. In fact, if it is more common, you can send all the cookies back to the server every time, this can solve the session persistence problem, but it may slightly increase the network traffic overhead.

Here we can see the essence of a SessionId. mark it by the way.
Nature of SessionID

1. The client saves the sessionID with the cookie
The client saves the sessionID with the cookie. When we request the server, the sessionID will be sent to the server together, and the server will search for the corresponding sessionID in the memory. If the corresponding sessionID is found, it indicates that we are logged on and have the corresponding permissions. If the corresponding sessionID is not found, it means that we have disabled the browser (which will be explained later ), if the session times out (no server is requested for more than 20 minutes) and the session is cleared by the server, the server will assign you a new sessionID. You must log on again and save the new sessionID in the cookie.

When the browser is not closed (if the sessionID has been saved in the cookie at this time), the sessionID will be stored in the browser all the time, this sessionID is submitted to the server every time a request is sent, so the server considers that we are logged on. Of course, if the server is not requested for a long time, the server will think that we have already disabled the browser. At this time, the server will clear the sessionID from the memory. At this time, if we request the server again, the sessionID will no longer exist, therefore, the server does not find the corresponding sessionID in the memory, so a new sessionID will be generated. In this case, we usually need to log on again.

II. The client does not use cookies to save the sessionID
At this time, if we request the server because sessionID is not submitted, the server will regard you as a brand new request, and the server will assign you a new sessionID, this is why every time we open a new browser (whether we have logged on or not), a new sessionID (or we will log on again) will be generated ).

When we turn off the browser and open the browser and then request the page, it will let us log on. Why? We have already logged on and haven't timed out. sessionID must be on the server. Why should we log on again now? This is because when we turn off browsing and then request, the information we submitted did not submit the sessionID we just submitted to the server together, so the server does not know that we are the same person, in this case, the server assigns us a new sessionID. For example, the browser is like a person who wants to open an account at a bank, and the server is like a bank, the account owner who wants to open an account in the bank obviously does not have an account (sessionID) at this time. Therefore, after arriving at the bank, the bank staff asked if there was an account and he said no, at this time, the bank will activate an account number for him. So it can be said that every time you open a new browser to request a page, the server will think that this is a new request, and it will assign you a new sessionID.