Question
I'm developing an Android application that will be used by multiple users (each user will have his own device). I'm trying to implement some kind of session tracking to see if the user is authenticated and, based on that, allow further use of the application. What I'm trying to achieve is the same kind of tracking I use on the web with the session object. Is there any way to do this on the Android system?
Answer 1:
You may have to rethink your concept.
Why would you like user authentication, when 1 device is used by 1 user? If you MUST have user authentication, where would you store the credentials? Android offers several options for Data Storage.
If you store the credentials on the phone, you have to solve the encryption problem (for example, use custom SharedPreferences with encryption implemented - there's one implementation around here, keep in mind it's not 100% secure). But there's a more serious problem - if the user changes the device and installs your application again, he would expect all his data to be saved. In this case saving user data - credentials etc. - on the phone is not a good choice.
If you store the credentials somewhere online (cloud, etc.) you still have to provide a guarantee of some security. But how will you handle the case where the user has no connectivity to the cloud and wants to authenticate to your app?
Maybe you have to come up with some hybrid solution which goes like: user > local-phone > sync with remote location > sync local phone with remote location and so on. Handle all cases that come from this.
Source: https://stackoverflow.com/questions/9838684/android-tracking-user-authentication