  1. I am making an iPhone app in which userid and password are required in all the screens to make requests to the server, and I am thinking of saving those 2 values in NSUserDefaults instead of passing an object around.

  2. I am also thinking it will be useful if the user has logged in once and uses the app again, then the user doesn't have to enter his/her details again.

But I am curious if it will be safe/good practice to use for the first requirement?

+4  A: 

I don't have anything against saving this data in the user defaults. What I don't get is the idea of exposing the user credentials on each request.

I would suggest you ask for the credentials once, authenticate with your server and return a "session token". Save this token and use it to validate the user on each request. (It means that you will save the token on your server or you will check the token using an algorithm.)

Doing this, you don't expose the user credentials all the time, you have control over the session, and you can expire it when you want, forcing the user to log in again.

For more complex implementations, you could Google for OAuth or XAuth and some related methods of authentication.

Cheers, vfn

vfn
The problem is the server has no mechanism for this "session token" thing! That is why I have to go through this route. That's what is written on the API page: "All requests require validation."
itsaboutcode
Yeah, but the validation can be against anything, not necessarily login and password. Only if, in your case, you don't have any control over the server; in that case you would need to send the credentials on every single call.
vfn
Yep, that's the issue, I have no control over the server side :( and am required to send credentials with every request. Thanks vfn.
itsaboutcode
+2  A: 

It's reasonable to save global values in NSUserDefaults that you want to survive your app being killed and restarted (as can happen under iOS 4.0).

Passwords should be saved in memory (maybe a singleton model object), or in the keychain, as various iTunes backup databases might expose stuff stored in user defaults.

hotpaw2
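The keychain option mentioned in the answer above, as an added example that is not part of the original thread: a small wrapper that stores the password as a generic-password keychain item instead of in user defaults. The `CredentialStore` class and the service string are hypothetical names, and the code assumes ARC.

```objectivec
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Placeholder service identifier (assumption); use your app's own.
static NSString *const kService = @"com.example.myapp.login";

@interface CredentialStore : NSObject  // hypothetical helper class
+ (BOOL)savePassword:(NSString *)password forUser:(NSString *)userId;
+ (NSString *)passwordForUser:(NSString *)userId;
+ (BOOL)deletePasswordForUser:(NSString *)userId;
@end

@implementation CredentialStore

// Base query identifying one keychain item per (service, user id).
+ (NSMutableDictionary *)queryForUser:(NSString *)userId {
    return [@{ (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: kService,
               (__bridge id)kSecAttrAccount: userId } mutableCopy];
}

+ (BOOL)savePassword:(NSString *)password forUser:(NSString *)userId {
    NSData *secret = [password dataUsingEncoding:NSUTF8StringEncoding];
    NSMutableDictionary *item = [self queryForUser:userId];
    // Try to update an existing item first; add it only if none exists.
    OSStatus status = SecItemUpdate((__bridge CFDictionaryRef)item,
        (__bridge CFDictionaryRef)@{ (__bridge id)kSecValueData: secret });
    if (status == errSecItemNotFound) {
        item[(__bridge id)kSecValueData] = secret;
        // Readable only while unlocked; does not migrate to another device via a backup.
        item[(__bridge id)kSecAttrAccessible] =
            (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;
        status = SecItemAdd((__bridge CFDictionaryRef)item, NULL);
    }
    return status == errSecSuccess;
}

+ (NSString *)passwordForUser:(NSString *)userId {
    NSMutableDictionary *query = [self queryForUser:userId];
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    if (SecItemCopyMatching((__bridge CFDictionaryRef)query, &result) != errSecSuccess) return nil;
    NSData *data = (__bridge_transfer NSData *)result;
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}

+ (BOOL)deletePasswordForUser:(NSString *)userId {  // call on logout
    OSStatus status = SecItemDelete((__bridge CFDictionaryRef)[self queryForUser:userId]);
    return status == errSecSuccess || status == errSecItemNotFound;
}
@end
```

The non-secret user id can stay in user defaults as the lookup key, so only the password lives in the keychain.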