0

I'm making a social iOS app. In order to "remember" user's login status, what I did so far:

  1. The first time the user logs in/creates a new account, the app saves his/her username and password in the keychain, and the next time the app launches, in

    - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {
        // submit login
        return YES;
    }

    the app submits the username/password from the keychain to log the user in automatically;

  2. In Node.js I set the session expiration time to 2 hours.

Now suppose that after the app launches and the automatic login happens, the app enters the background for a long time (longer than 2 hours) and then switches back to the foreground. Is the user NO LONGER logged in?

If the login status is gone, how can I keep the login status? What I can think of is to add another automatic login step in

    - (void)applicationWillEnterForeground:(UIApplication *)application {
        // submit login
    }

But wouldn't that involve too much data transmission?

Or maybe I can set a permanent session time on the server side? Is that even possible?

Gary Riches
dulan

1 Answer

2

The best way to achieve this functionality is to generate a token key for the mobile device which can expire after a long time; you can keep it alive for, say, 30 days and only invalidate it when the user logs out manually.

Retro
  • So in my understanding, you're referring to an access token? How may I generate that access token, is there an algorithm to generate it? I see OAuth might be able to do that, though I haven't gone deep into it yet, is that so? – dulan Mar 25 '15 at 11:34
  • Yes, OAuth has this functionality to generate a token; it will be on the server side, and the client just needs to store it and send it to the API as a key param. Here is a Java function to generate it. http://stackoverflow.com/questions/17141292/oauth-2-0-generating-token-and-secret-token – Retro Mar 25 '15 at 11:41
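
The approach from the answer above, as an added Node.js example that is not part of the original thread: the server issues a random opaque token after one password login, stores only its SHA-256 hash with a 30-day expiry, and deletes it on manual logout. The function names and the in-memory `tokenStore` (standing in for a database table) are assumptions.

```javascript
// Added example: long-lived opaque device tokens. All names are hypothetical.
const { randomBytes, createHash } = require('node:crypto');

const TOKEN_TTL_MS = 30 * 24 * 60 * 60 * 1000; // 30 days, as the answer suggests

// In-memory stand-in for a database table, keyed by SHA-256(token).
// Storing the hash means a leaked table does not yield usable tokens.
const tokenStore = new Map();

const hashToken = (token) => createHash('sha256').update(token).digest('hex');

// Called once, after a successful username/password login.
function issueToken(userId, now = Date.now()) {
  const token = randomBytes(32).toString('hex'); // 256 bits from the OS CSPRNG
  tokenStore.set(hashToken(token), { userId, expiresAt: now + TOKEN_TTL_MS });
  return token; // the app keeps this in the keychain instead of the password
}

// Called on every API request; returns the user id, or null if not valid.
function authenticate(token, now = Date.now()) {
  if (typeof token !== 'string' || token.length === 0) return null;
  const key = hashToken(token);
  const record = tokenStore.get(key);
  if (!record) return null; // unknown or already revoked
  if (now >= record.expiresAt) {
    tokenStore.delete(key); // purge expired tokens when they are seen
    return null;
  }
  return record.userId;
}

// Called on manual logout; the token stops working immediately.
function revokeToken(token) {
  return tokenStore.delete(hashToken(token));
}
```

With this in place the app never needs to resend the password when it returns to the foreground; it sends the stored token with each request and falls back to the login screen only when `authenticate` rejects it.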