I do it like this:

• The user logs in

• I give them a token and save it in SharedPreferences

• When the app starts, in the onCreate method I check whether a token is present in the SharedPreferences; if it is, the profile screen is opened, otherwise the login screen

So how do I make it possible to log in from different devices under one account (because if I follow this scheme, the token from the previous login stops working)?

  • If I understood correctly, this is a server limitation, not a problem with the client implementation - Vitaly
  • But the question is still the same: how to make it possible to log in from different devices without knocking out the previous logins? - Icsdssd
  • Do nothing on the client side. Return the same token from the server when logging in and it will work as usual - pavel163
  • Okay, but then how do I store the token? If I keep it in plain form, then if the database leaks it is equivalent to the passwords being stored in the clear, because with the token you can access the account. So the token needs to be stored as a hash, but if I store it as a hash I will not be able to return the same token to clients, since I simply will not know it - Icsdssd

1 answer

You can implement it like this:

On the server, create a devices table in the database. Fields:

  • id (auto)
  • token
  • device_id (unique device identifier obtained at login from that device)
  • last_login (time of the last login from this device)
  • user_id (reference to the users table)

device_id can be obtained on the device like this:

    import android.content.Context;
    import android.os.Build;
    import android.provider.Settings;
    import android.telephony.TelephonyManager;

    public class DeviceIdUtil {
        // getDeviceId() requires android.permission.READ_PHONE_STATE in the manifest;
        // without it the call throws SecurityException. Note that getDeviceId() and
        // Build.SERIAL are deprecated since API 26 and not available to ordinary apps on API 29+.
        public static String getUniqueID(Context context) {
            // get the IMEI
            TelephonyManager telephonyManager =
                    (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
            String uniqueID = telephonyManager.getDeviceId();
            if (uniqueID != null) {
                return uniqueID;
            }
            if (Build.VERSION.SDK_INT >= 9) {
                // if Android OS >= 2.3, get the device's unique serial number
                uniqueID = Build.SERIAL;
            }
            if (uniqueID != null) {
                return uniqueID;
            }
            // get the Android ID (may change after a factory reset)
            uniqueID = Settings.Secure.getString(context.getContentResolver(),
                    Settings.Secure.ANDROID_ID);
            return uniqueID;
        }
    }

In requests to the server, send the token and device_id. On the server, check that they match.

The last_login field is needed for periodic cleanup of the database. For example, if there has been no login from this device for a month (an arbitrary period), delete the row.
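An added server-side sketch of the scheme in this answer (example code, not the answer's own; the table follows the fields listed above, an in-memory SQLite database stands in for the server's database, and the user ids and device ids are constructed). It goes one step beyond the answer on the point raised in the comments: each device gets its own random token, and only the SHA-256 of the token is stored, so a leaked table exposes nothing usable and the server never has to hand a stored token back, because every login mints a fresh one for that device.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time
from typing import List, Optional

# In-memory SQLite stands in for the server database (constructed for this example).
conn = sqlite3.connect(":memory:")
conn.execute(
    """CREATE TABLE devices (
           id         INTEGER PRIMARY KEY AUTOINCREMENT,
           token_hash TEXT    NOT NULL,   -- SHA-256 of the token, never the token itself
           device_id  TEXT    NOT NULL,   -- identifier sent by the client
           last_login INTEGER NOT NULL,   -- unix time of the last successful request
           user_id    INTEGER NOT NULL,   -- reference to the users table
           UNIQUE (user_id, device_id)
       )"""
)


def _hash_token(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def login(user_id: int, device_id: str, now: Optional[int] = None) -> str:
    """Issue a fresh random token for this (user, device) pair and store only its hash.

    Logging in again from the same device replaces that device's row; rows for the
    user's other devices are untouched, so they keep working.
    """
    now = int(time.time()) if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits of randomness, returned to the client once
    conn.execute("DELETE FROM devices WHERE user_id = ? AND device_id = ?", (user_id, device_id))
    conn.execute(
        "INSERT INTO devices (token_hash, device_id, last_login, user_id) VALUES (?, ?, ?, ?)",
        (_hash_token(token), device_id, now, user_id),
    )
    conn.commit()
    return token


def authenticate(token: str, device_id: str, now: Optional[int] = None) -> Optional[int]:
    """Check the token + device_id pair sent with a request.

    Returns the user_id on success and None otherwise. The token is bound to the
    device_id it was issued for, so a token replayed from another device is rejected.
    """
    now = int(time.time()) if now is None else now
    presented = _hash_token(token)
    # Several accounts may share one physical device, so select by device_id and
    # compare hashes in constant time rather than trusting a single row.
    rows = conn.execute(
        "SELECT id, token_hash, user_id FROM devices WHERE device_id = ?", (device_id,)
    ).fetchall()
    for row_id, stored_hash, user_id in rows:
        if hmac.compare_digest(stored_hash, presented):
            conn.execute("UPDATE devices SET last_login = ? WHERE id = ?", (now, row_id))
            conn.commit()
            return user_id
    return None


def purge_stale(max_age: int, now: Optional[int] = None) -> int:
    """Periodic cleanup: drop devices not seen for max_age seconds. Returns rows removed."""
    now = int(time.time()) if now is None else now
    cur = conn.execute("DELETE FROM devices WHERE last_login < ?", (now - max_age,))
    conn.commit()
    return cur.rowcount


def active_devices(user_id: int) -> List[str]:
    """Device ids that currently hold a valid token for this user."""
    return [
        r[0]
        for r in conn.execute(
            "SELECT device_id FROM devices WHERE user_id = ? ORDER BY id", (user_id,)
        )
    ]


if __name__ == "__main__":
    phone = login(42, "phone-A")
    tablet = login(42, "tablet-B")  # does not invalidate the phone's token
    print(authenticate(phone, "phone-A"), authenticate(tablet, "tablet-B"))  # 42 42
    print(authenticate(phone, "tablet-B"))  # None: token bound to its device
```

The `now` parameter exists only so the cleanup can be exercised deterministically; in a real server it would be the clock. Hashing with plain SHA-256 is adequate here because the tokens are high-entropy random strings, not user-chosen passwords; a password hash such as bcrypt would only add cost without adding security.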