How to keep user Logged-In always "Connected with Server"

I'm working on an app where I want the user to stay logged in, meaning always connected to the server after a successful login (just like the Facebook app). I tried to google this but did not find any correct logic for it. Many websites suggest using SharedPreferences, but keeping the user's login cred. in SharedPreferences is not a good idea, and they did not provide any answer on how to stay connected to the server. I'm kinda stuck with this idea. I just need the logic to implement this. Any suggestions and example code are welcome.

I'm an Android noob.

4

0
W4R10CK On BEST ANSWER

Storing the user's credentials on the device is not a good way of designing. You can store the hashed password, which is also rejected as a good application design technique. According to Facebook and Google, these tech giants use authentication-token login-logout. Once the user logs in, the server generates a token for that particular user, which is then stored on your device as well as on the server. The next time the user comes to the app, a request is made to check whether the token is valid or not; if valid, access is granted, else not.

[Image: a basic design of this process]

Tutorial :

3
Ravi On

Your question doesn't seem clear.

1) What do you mean by always connected to the server?
2) What kind of things do you need to do if the user is connected to the server?

I can suggest you use SharedPreferences if you want the user to be logged in all the time in your app. There is no need to store the user's credentials in SharedPreferences; you can store the userId, email address and those kinds of details. (SharedPreferences)

If you want some information on a time basis, like needing to update data daily or every hour, you can call the API by using AlarmManager at a given time. (AlarmManager)

If you still want some information to notify the user about a new change/update, you can use Push Notifications. (GCM and FCM)

Note :

Firebase Cloud Messaging (FCM) is the new version of GCM.

2
digvijaykatoch On

Firstly, you should ideally be generating a token when a user logs in (the Facebook app also uses an OAuth token), which should then be stored on your device as well as the server. It's not a good idea to even store the email address or any other such user information on the phone.

Create and maintain a session on the server side. Next, let the app connect to the mothership, i.e. the server after a set interval and send an "I am alive" message. If you get the message on the server side, you bump up the session time.

This way, the user stays logged in forever, but only if the user stays active.

Both server and app must first check session and token before sending or receiving data. This ensures that the user is authorized, that the app was not force closed, and the user still stays connected. Please ask further if you want something more.
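The token-plus-session scheme described in the answers above (token issued at login, checked on every request, lifetime bumped by the "I am alive" message), sketched server-side as an added example that is not part of any of the original answers. The class name, the 15-minute idle timeout and the in-memory dict are assumptions; the store keeps only a SHA-256 digest of each token so a leaked session table does not yield usable tokens.

```python
import hashlib
import secrets
import time

SESSION_TTL = 15 * 60  # assumed idle timeout in seconds (not from the page)


class SessionStore:
    """In-memory stand-in (hypothetical) for the server-side session table."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._sessions = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user_id):
        """Call only after the password check passed; the app stores the token."""
        token = secrets.token_urlsafe(32)  # random, carries no user data
        self._sessions[self._digest(token)] = (user_id, self._clock() + self._ttl)
        return token

    def validate(self, token):
        """Return the user id for a live token, else None; drop expired entries."""
        key = self._digest(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._clock() >= expires_at:
            del self._sessions[key]
            return None
        return user_id

    def heartbeat(self, token):
        """The "I am alive" message: extend the session only if still valid."""
        user_id = self.validate(token)
        if user_id is None:
            return False
        self._sessions[self._digest(token)] = (user_id, self._clock() + self._ttl)
        return True

    def logout(self, token):
        """Revoke server-side so a copied token stops working immediately."""
        return self._sessions.pop(self._digest(token), None) is not None
```

On the device, only the returned token needs to be persisted; a failed `validate` or `heartbeat` means the app should send the user back to the login screen.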

0
Mohammed Atif On

First of all, I don't understand the use of the terms "stay connected to server" and "stay logged in" in your case. But I will answer this according to my understanding.

  1. To stay logged in, as in, not to ask for the credentials every time, you are supposed to get a unique token from the server and store it along with other login details (except the password) in SharedPreferences or in some database. Whenever the user opens the app, use the token received as an authentication parameter (you can refer to the OAuth method too). This will eliminate the chances of leaking the password, and the token will be specific to the device, just like sessions.

  2. Stay connected to the server, as in, receive instant notifications, send and receive messages? When the app is open, use sockets, that's how it is done; when the app is closed, you can use FCM.