How can I use cookies to authenticate a user in PhoneGap for Android?
The server will send a cookie containing a session ID. As part of each future AJAX request to the server that cookie must get sent to authenticate the user. I don't have access to the server, so I can't change how it works.
So, I have to use cookies. I can't use local storage or anything like that, unless it behaves exactly like a browser would if a server were to send a "Set-Cookie" header.
How do I do this?
Using local cookies with Cordova isn't possible, unless you can store them server-side. In your case, you can make use of local-storage, for easy values/flags/strings, or if you want a relational database, use WebSQL.
Local Storage:
http://docs.phonegap.com/en/4.0.0/cordova_storage_storage.md.html
WebSQL: http://dev.w3.org/html5/webdatabase/
I would recommend WebSQL above others like IndexdDb because it is most wideley supported for mobile devices. See following link: http://caniuse.com/#feat=sql-storage
Related
I want to make an android app which will login to my web application using rest API. In browsers we have a concept of cookie which servers use to identify/maintain session with the users.
In Android how would we accomplish it ? I heard that there is a concept of token which is sent by server in response(first time when credentials are validated) and Android app have to send it to server every time it tries to access a resource(protected). So, what is the better way of doing it ?
Do we need to validate the token again and again when the client requests for a resource ?
Honestly, I can't think of a better way of doing this. Token based authentication seems to be pretty standard when dealing with RESTful APIs. Is there any reason you can't do that?
If you don't want to change the server code, then this could be simulated by adding a cookie header to every request you send. But this is basically the same thing that you mentioned above, just not as clean.
And the browser is already sending a token to be validated again and again. Every request has a cookie header that gets validated through your web application on every request, so this isn't a big deal at all.
And, you don't need anything Android specific to accomplish this. In whatever http library you're using I'm sure there is a method you can called or something you can override in order to set custom headers. Use that to set either your cookie header or token header on every request that you need to make.
I am using CouchDB to authenticate users for my app, which is essentially just a front end for a CouchDB database, so I am using the API to authenticate users, logically, this code
httpget(http://wrongusername:wrongpassword#mycouch.com:5984) //not my actual code
should come back with the response
{"error":"unauthorized","reason":"Name or password is incorrect."}
as it does when I cURL the same URL. But instead, no matter what I put in as the username and password it returns
{"couchdb":"Welcome","version":"1.2.0"}
And I know I'm not somehow storing a valid URI or that response in the code because I've changed the parameters of HttpGET to return _all_docs, and it has returned all the documents, which a normal user shouldn't be able to to do. I have not modified any of the configuration files and the login is not stored anywhere in the database
Are you sure you are hitting the same CouchDB instance that you have set up the users with? Clients, not even Android, have a way of bypassing authentication.
Couchdb uses session cookies for authentication, maybe your http client authorized to couchdb before and keeps the cookie around?
Another thing I can think of: unless you set require_valid_user to true, couchdb only restricts access to individual databases, which would explain the "welcome" message on /.
(I'm asking this partly for learning purposes, I realize what I'm trying to do might be entirely wrong!)
I have a php file on my website that handles log in and sets a cookie for the user if log in is successful. if setcookie() fails, I error out instead of displaying the rest of the page.
When I try to access this page using my android app (which uses HttpURLConnection with POST), the setcookie() fails. I'm guessing this is because the client isn't a browser and can't handle cookies.
so first of all, is there away for my app to be able to receive cookies from the server and store them? if not, how do you handle maintaining a login session with the user so you dont have to send a username and password, every time you want to access data from the server?
THanks
A couple of notes before the workaround:
The function is called setcookie() not set_cookie()
Android browsers do support cookies afaik, so you probably should look into this further. Perhaps the format of your setcookie call is not valid?
If you can't use cookies, then the workaround is to simulate your own session mechanism by passing your cookie value as a url parameter on every request.
I have created an AppEngine connected Android application, and I'm trying to modify it to be able to store some user data on the server. I do not know what's the easiest way to do so, because I want it to be as simple as possible. I just want to store some basic data for every user. This data is: Name, Email, and some other Strings. I have created a form in the android side which will allow the user to type all the requested data, but I do not know how to send this information to the GAE server and store it in the datastore. I guess I will have to use a Servlet and some kind of RPC service to call the methods. I'm really lost because it is my first time doing this. I'm not experienced neither in android nor in web apps. I hope you can help me.
Update
Well, maybe I did not explain myself well. The system I've been asked to build consists on a web service that store your personal login credentials for most common sites (facebook, gmail, etc). Using a chrome extension, you ask the server for the credentials on the website you are navigating, and then the server asks to your phone for authorization. It will ask (do you give me permission to send your credentials to "some user"), and you have to ansewer yes or no and then the server will act in consequence. The point is that you have to store your credentials in the server in some way, maybe from the android app (which is what I was trying) or from somewhere else. I will also need authentication.
Pd: I use java for the server side.
Since you already started with AppEngine connected Android application, it makes sense to continue customizing it: App Engine Data Access: Adding Entities and RPC.
Update:
There are of course many ways to exchange data between client and server. The most simple would be a servlet handling GET and POST requests with some query parameters.
Also, most popoular lately is REST:
Android REST client: http://appfulcrum.com/2010/08/20/android-how-to-call-rest-service-using-asynctask/ (try using GSON instead to parse JSON)
Server: use a REST framework. My personal choice is RESTEasy. An example: http://ankiewsky.blogspot.com/2010/08/resteasy-on-googleappengine-corerest.html
Update 2:
The simplest possible way - making/handlin a simple POST request:
Android client - making POST request with parameters: http://www.androidsnippets.com/executing-a-http-post-request-with-httpclient
Server handling POST (or GET) and extracting parameters: http://www.exampledepot.com/egs/javax.servlet/GetReqParam.html
Find and follow thoroughly the Topic Index on this page. Gud luck
I want to make a login application in Android.
Requirement of the project is to store user name and password for two days using cookie.
Is it possible to use cookies? If yes, then how? Can you give me the code?
Note: I can't use web view.
As a commenter already said, you aren't supposed to store password (even in encrypted form) in a cookie. What you can store is a session id. When user logs in the application, the application generates a session id for him/her, which will stay valid for two days. In every request that you make to the application, you add the session id as an HTTP header.
You can store the session id and the datetime it was issued in the preferences. When the user needs to make a new request to the application and the session hasn't expired, you can read the stored value.
If you are not looking to integrate this into the browser, then have a go at this.
If you look at the HTTP protocol, you can see that cookies are sent by the client in plain text in the request. This means you should have your application deliver them every time your request a page. This is not valid for local-only cookies, but I don't think that you're interested in these. If you want to set cookies from the server side, you will have to adapt your application to parse the response and look for cookies. (also HTTP protocol)
For a better view of the raw data you need to send or receive, you can monitor your traffic using Wireshark or a similar tool and see how the request/response look like.
I am currently working on a web-service that I need to implement on iPhone and this is my first idea of doing it. I haven't got to implement this yet (my web service is still not done) so there's not much more I can tell you at the moment.
Edit:
A useful page about this might be the Wikipedia HTTP Cookie page located here.
As Reno said, try to avoid storing the password in the cookie. Instead you should let the server generate a sessionID when logged in and let this ID expire on the Server after two days. SO you can login with the username and the sessionID you generated with logging in once.
I you want, you can store that sessionID in the cookie.