How to store session in a mobile application?

Hi. There is a service written in Laravel. There is a REST API. I now need to build a mobile app with authentication and, of course, access to the personal account after successful authentication. I am writing the app using Electron.js. But how and where should the session be stored in a mobile application, and how should access rights be controlled?
July 9th 19 at 10:11
3 answers
July 9th 19 at 10:13
No matter what you write and how (PHP, REST/non-REST, etc.), the scheme is always the same.

About the session:
1. The server creates the session ID and always specifies it in the response to each client request.
2. The client uses this identifier (usually in the cookie store of the browser) with every subsequent request.
3. If the server indicated a NEW session ID in the response, the client must use the new one.

About the token:
A token combines authorization and the session by means of a hashing operation.
1. After receiving the session identifier from the server, the client sends hashed information based on the login, password and ID received.
2. The server checks and, if correct, issues a token for subsequent requests.
3. To protect against recovery of the hash formula from identical data, polymorphism is used: a random parameter and a timestamp are added to the parameters passed.
4. To guarantee uniqueness, the server side keeps a one-day store of all requests based on the token.

The token can be both permanent and disposable.
1. Permanent - it does not change from one request to the server to the next.
2. Disposable - after each request to the server, the server issues a new token.
Hello, please tell me, you write:
3. To protect against recovery of the hash formula from identical data, polymorphism is used: a random parameter and a timestamp are added to the parameters passed.

And how is the random parameter kept consistent between the client and the server? That is, when the client makes the hash, it adds the random string and the timestamp, and to verify the signature the server needs to generate the same random value. How is that implemented? Or is this random value sent in the request along with the hash string? But then, by cycling through the request parameters, it will not be a problem to generate the same hash.
Thank you. - anne_Stiedema commented on July 9th 19 at 10:16
The random value is random, yes. It is passed in the clear as one of the parameters.
The hash is formed from the parameters and the token.
The token is known to both the client and the server; it is not sent in the API requests and is used as a parameter inside the formula that generates the hash.
Repeated requests (duplicate hashes) are excluded by the server for a day (to avoid errors, but it can be made stricter, up to 5 minutes). - Kyleigh_Hills commented on July 9th 19 at 10:19
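
The signing scheme described in this answer and its comments, as an added example (not code from any of the posters): the client signs the parameters plus a cleartext nonce and timestamp with the shared token, and the server recomputes the signature and rejects duplicates for a day. Assumptions: HMAC-SHA256 stands in for the unspecified "hash formula", the field names `sid`, `nonce`, `ts`, `sig` and the 5-minute clock-skew window are made up for the example, and the token has already been issued.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require('crypto');

const MAX_SKEW_MS = 5 * 60 * 1000;         // assumed: accept timestamps within 5 minutes
const REPLAY_TTL_MS = 24 * 60 * 60 * 1000; // remember seen signatures for one day

// Canonical form: sorted key=value pairs, so both sides hash identical bytes.
function canonical(params) {
  return Object.keys(params).sort()
    .map((k) => `${encodeURIComponent(k)}=${encodeURIComponent(params[k])}`).join('&');
}

// Keyed hash over the parameters; the token is the key and never travels.
function sign(token, params) {
  return createHmac('sha256', token).update(canonical(params)).digest('hex');
}

// Client: nonce and timestamp go out in the clear alongside the signature.
function buildRequest(token, sessionId, params, now = Date.now()) {
  const body = { ...params, sid: sessionId, nonce: randomBytes(16).toString('hex'), ts: String(now) };
  return { ...body, sig: sign(token, body) };
}

// Server: look up the token by session ID, recompute, compare, reject replays.
function makeVerifier(tokensBySession) {
  const seen = new Map(); // signature -> expiry time
  return function verify(request, now = Date.now()) {
    const { sig, ...body } = request;
    const token = tokensBySession.get(body.sid);
    if (!token) return 'unknown-session';
    if (!(Math.abs(now - Number(body.ts)) <= MAX_SKEW_MS)) return 'stale-timestamp';
    const expected = Buffer.from(sign(token, body), 'hex');
    const given = Buffer.from(String(sig), 'hex');
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return 'bad-signature';
    for (const [s, exp] of seen) if (exp <= now) seen.delete(s); // drop expired entries
    if (seen.has(sig)) return 'replay';
    seen.set(sig, now + REPLAY_TTL_MS);
    return 'ok';
  };
}

// Constructed sample data: the token and session ID below are made up.
function demo() {
  const verify = makeVerifier(new Map([['sess-1', 'constructed-token']]));
  const req = buildRequest('constructed-token', 'sess-1', { action: 'profile' });
  return [verify(req), verify(req), verify({ ...req, action: 'delete' })];
}
```

Because the nonce and timestamp are covered by the signature, knowing them does not let an observer produce a valid signature for changed parameters without the token.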
July 9th 19 at 10:15
You probably meant the Ionic framework?
Electron is for desktop.

You can look at React Native or something else.

I don't quite understand what the problem with controlling rights is. This should be handled by your API on the server (whether such a method is allowed or not). And on the client, simply store the token for requests.
And where can I read about developing mobile applications with a REST API? And to store the token on the client, do I just create a variable and that's all? Or something else? - anne_Stiedema commented on July 9th 19 at 10:18
There are many questions on Toster on this topic, and on Habr in general. - Kyleigh_Hills commented on July 9th 19 at 10:21
July 9th 19 at 10:17
Bearer token.
