Android App Strategy for keeping track of a login session

梦毁少年i 2021-02-01 10:43

I have some PHP script that logs in and returns a JSON array with a session ID if the login was successful.

In my app, I want to log in at the front page and continue out

2 Answers
  •  醉梦人生
    2021-02-01 11:03

    Here are some things you should think about:

    • Once you have authenticated the user and stored the session_id locally, send the session_id in the header of each of your HTTP requests. That way, you're not sending the credentials with each request, but the session id. And if something happens on the server side to the session, the transaction will not be allowed.
    • When logging out, don't just delete the session_id on your app (client) side. Send a logout to the server as well so that the session can be killed server side.
    • If the session is killed on the server side, you'll want to do 1 of 2 things: A) prompt the user to re-login, or B) use the stored credentials to log back in, create a new session id and store it again in your singleton.

    This will guarantee a bit more security and functionality than just clearing the session id on your app side.
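
The three points in the answer above as one flow, in an added example that is not part of the original answer. An in-memory `Server` stands in for the PHP backend; the `X-Session-Id` header name, the `alice` account and all class names are assumptions, and the client implements option A (drop the stale id and go back to the login screen).

```java
import java.security.SecureRandom;
import java.util.*;

public class SessionDemo {
    // Stand-in for the PHP backend: it owns the authoritative session table.
    static class Server {
        private final Map<String, String> sessions = new HashMap<>(); // session id -> user
        String login(String user, String password) {
            // Constructed account; a real backend verifies a stored password hash.
            if (!"alice".equals(user) || !"example-pw".equals(password)) return null;
            byte[] raw = new byte[16];
            new SecureRandom().nextBytes(raw); // unguessable 128-bit id
            String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            sessions.put(id, user);
            return id;
        }
        // Each request is authorised by the header alone; returns an HTTP-style status.
        int handle(Map<String, String> headers) {
            return sessions.containsKey(headers.get("X-Session-Id")) ? 200 : 401;
        }
        void logout(String id) { sessions.remove(id); }
    }

    // App-side holder (the "singleton" in the answer): keeps the id, never the password.
    static class Client {
        private final Server server;
        private String sessionId;
        Client(Server server) { this.server = server; }
        boolean login(String u, String p) { sessionId = server.login(u, p); return sessionId != null; }
        boolean request() { // false means: show the login screen again (option A)
            if (sessionId == null) return false;
            int status = server.handle(Map.of("X-Session-Id", sessionId));
            if (status == 401) sessionId = null; // session killed server side: drop the stale id
            return status == 200;
        }
        void logout() {
            if (sessionId != null) server.logout(sessionId); // invalidate on the server first
            sessionId = null;                                // then forget it locally
        }
    }

    public static void main(String[] args) {
        Server server = new Server();
        Client app = new Client(server);
        System.out.println("login: " + app.login("alice", "example-pw") + ", request: " + app.request());
        server.sessions.clear(); // simulate the server expiring the session
        System.out.println("request after server-side kill: " + app.request());
        app.login("alice", "example-pw");
        String old = app.sessionId;
        app.logout();
        System.out.println("old id replayed after logout: " + server.handle(Map.of("X-Session-Id", old)));
    }
}
```

In a real app the header travels over HTTPS only, and the replay check in the last line is what a client-side-only logout would fail.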
