Recently, I have created a website where one can read temperature and humidity values, and set the wanted temperature value for an IoT device. For security, the IoT values can only be read or set when the user has logged in. This is done by setting the session ID when the login was successful.
Relevant part of login script:
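<?php
// Strict comparison for the username, constant-time comparison for the password (instead of loose ==)
if ($userData['username'] === $username && hash_equals($userData['password'], $password)) {
    // Start the session and send headers before any output, otherwise the cookie may not be sent
    session_start();
    session_regenerate_id(true); // fresh session ID on login
    $_SESSION['nID'] = true;
    header('refresh: 3; url=app/index.php');
    echo "Login success.";
}
?>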
The login is handled with a POST request.
As you can see, the user is redirected to app/index.php whenever the login was successful.
At the start of app/index.php, it is checked whether the session ID is set. If this is not the case, the user will be redirected to the login page.
Relevant part of app/index.php:
<?php
session_start();
if (!isset($_SESSION['nID'])) {
    // No authenticated session: send the client back to the login page
    header("Location: ../index.html");
    die();
} else {
    //other content of the page
}
?>
This seems to be working correctly when I test it on my computer in a web browser. Now I am trying to make an Android application in Kotlin which first logs in with a POST request and then reads the values with a GET request using the Fuel library.
Relevant part of the Android application:
var loggedIn = false // var, because it is reassigned in the login callback
FuelManager.instance.basePath = "https://red2503.nl"
// lock is declared elsewhere in the app (not shown)
fun logIn(webPage: String, username: String, password: String) {
    Fuel.post(
        webPage,
        listOf("username" to username, "password" to password)
    ).responseString { request, response, result ->
        when (result) {
            is Result.Failure -> {
                val ex = result.getException()
                Log.d("FAIL", ex.toString())
                loggedIn = false
                lock.unlock()
            }
            is Result.Success -> {
                val data = result.get()
                Log.d("SUCCESS", data.toString())
                if (data.toString().contains("Login success.")) {
                    loggedIn = true
                } else {
                    loggedIn = false
                }
                lock.unlock()
            }
        }
    }
    lock.lock() //wait for response
}
fun displayToast(text: String) {
    val duration = Toast.LENGTH_LONG
    val toast = Toast.makeText(applicationContext, text, duration)
    toast.setGravity(Gravity.CENTER_VERTICAL, 0, 0)
    toast.show()
}
fun readTemperatureHumidity(webPage: String) {
    // No session cookie is attached here, so the server sees an unauthenticated request
    Fuel.get(FuelManager.instance.basePath + "/" + webPage)
        .response { request, response, result ->
            println(request)
            println(response)
            val (bytes, error) = result
            if (bytes != null) {
                println("[response bytes] ${String(bytes)}")
            }
        }
}
submitButton.setOnClickListener {
    logIn("iot/login.php", /* USERNAME */, /* PASSWORD */)
    if (loggedIn) {
        readTemperatureHumidity("iot/app/index.php")
    } else {
        displayToast("Login failed. Check internet connection.")
    }
}
I know the login is working correctly, because the response of the login is "Login success.". However, when I send the GET request to app/index.php after logging in, the website redirects me to the login form at ../index.html, but I expect it to reply with the values because the login was successful. I think this happens because the session ID does not stay set between the two HTTP requests. How can I solve this problem?
I think I gave all relevant information about the website and the application. If some parts are unclear, please let me know.
I had to store the cookie of the response of the first request, and place it in the second request. See the answer to this post:
Setting cookie properly in fuel requests
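The fix described in the answer, as an added example that is not part of the original post or the linked one: the login response's Set-Cookie value is reduced to its name=value pair and replayed in a Cookie header on the GET. It assumes the Fuel 2.x API (`Headers.SET_COOKIE`, `Headers.COOKIE`, `allowRedirects`); the `onDone` and `onBody` callbacks and `cookieHeaderFrom` are hypothetical names.

```kotlin
import com.github.kittinunf.fuel.Fuel
import com.github.kittinunf.fuel.core.Headers
import com.github.kittinunf.result.Result
import java.net.HttpCookie

// Session cookie from the login response; kept in memory only, never logged.
@Volatile private var sessionCookie: String? = null

// Build a Cookie request header from Set-Cookie response values: keep only
// name=value and drop attributes (path, HttpOnly, Secure, ...).
fun cookieHeaderFrom(setCookieValues: Collection<String>): String? =
    setCookieValues
        .flatMap { runCatching { HttpCookie.parse(it) }.getOrDefault(emptyList()) }
        .joinToString("; ") { "${it.name}=${it.value}" }
        .ifEmpty { null }

// Paths are relative to FuelManager.instance.basePath (an https:// URL on the page).
fun logIn(webPage: String, username: String, password: String, onDone: (Boolean) -> Unit) {
    Fuel.post(webPage, listOf("username" to username, "password" to password))
        .responseString { _, response, result ->
            val ok = result is Result.Success && result.get().contains("Login success.")
            sessionCookie = if (ok) cookieHeaderFrom(response.headers[Headers.SET_COOKIE]) else null
            onDone(sessionCookie != null)
        }
}

fun readTemperatureHumidity(webPage: String, onBody: (String?) -> Unit) {
    val cookie = sessionCookie
    if (cookie == null) { onBody(null); return }   // not logged in
    Fuel.get(webPage)
        .header(Headers.COOKIE to cookie)   // replay the session cookie
        .allowRedirects(false)              // a redirect to the login form means the session was rejected
        .responseString { _, response, result ->
            onBody(if (response.statusCode == 200) result.get() else null)
        }
}

// Usage from the click handler: chain the read inside the login callback
// instead of blocking on a lock.
// logIn("iot/login.php", username, password) { ok ->
//     if (ok) readTemperatureHumidity("iot/app/index.php") { body -> Log.d("VALUES", body ?: "session rejected") }
// }
```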