views:

253

answers:

2

Simply, I would like to have an iPhone app that logs in to a web server with inputted username and password values and then maintains this login, so that the user can POST data to the server.

Is this just an issue of using cookies? If so, how do you perform a check to verify the user is logged in?

Thanks.

A: 

Isn't this a matter of how your server ensures the validity and longevity of logins? A server could be very picky and not allow a login to continue if it looks like it has been inactive for more than tens of seconds, or if the IP address has changed. Some servers could care less if you provide the right session or transaction ids. Then there are cookies. It would all depend on the server you are accessing.

When you say:

If so, how do you perform a check to verify the user is logged in?

are you talking about how your iPhone app checks or how the server checks? If from the iPhone, it should try something quick like a status call and if the server requests authentication, then you authenticate. If not, server depending, you can assume you are already authenticated.

Some apps do the authentication often, assuming that the server login has timed out. Other apps don't like holding on to the user's password so they try to do it very rarely, and when they need to they display a login screen so they don't have to store the password.

mahboudz
A: 

If you don't have control over the web server and the login process here is what i've done in one of my apps:

[[NSString alloc] initWithContentsOfURL:someURL usedEncoding:&enc error:&error];

This method already uses cookies so if you are logged in you will stay logged in. Assuming that the server saves the session id into a cookie and the session id is used to identify a user's session (which is the normal way how someone would implement a website).

To check if a user is logged in you simply parse the resulting website. Most web sites will redirect your request to the login page if the user hasn't logged in before.

To clarify hear are the steps:

  1. Send request to some url that needs login
  2. Check the result
  3. If the result was login page -> send user credentials and start from 1.
  4. Parse the result
sliver