Hi. There is a service written in Laravel with a REST API. I now need to make a mobile app with authentication and, of course, access to the personal account after successful authentication. I am writing the app using Electron.js. But how and where should the session be stored in a mobile application, and how do I control access rights?
No matter what you write and how (PHP, REST/non-REST, etc.), the scheme is always the same.
About the session:
1. The server creates the session ID and always specifies it in the response to each client request.
2. The client uses this identifier (usually in the cookie store of the browser) with every subsequent request.
3. If the server indicates a NEW session ID in the response, the client must use the new one.
About the token:
A token combines authorization and session using a hashing operation.
1. After receiving the session identifier from the server, the client sends hashed information based on the login, password and ID received.
2. The server checks and, if correct, issues a token for subsequent requests.
3. To protect against recovery of the hash formula from identical data, polymorphism is used: a random parameter and a timestamp are added to the parameters passed.
4. To protect uniqueness, the server side keeps daily storage of all queries based on the token.
The token can be both permanent and disposable.
1. Permanent - when it does not change on every request to the server.
2. Disposable - when after each request to the server, the server issues a new token.
karina59 answered on July 9th 19 at 10:15
You probably meant to say the Ionic framework?
Electron is for desktop.
You can look at React Native or something else.
I don't quite understand what the problem with access control is. This should be handled by your API on the server (whether such a method is allowed or not). And on the client, simply store the token for requests.
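The replay protection described in the first answer (a random parameter and a timestamp on every request, plus a server-side record of requests already seen), as an added Node.js example that is not code from the original posts. It signs requests with an HMAC and a per-token secret rather than a plain hash; the function names, the five-minute window and the in-memory maps are assumptions.

```javascript
// Added example; all names here are hypothetical, not from the original posts.
const crypto = require('node:crypto');

const MAX_SKEW_MS = 5 * 60 * 1000; // assumed freshness window
const tokens = new Map();          // token -> { user, key }
const seenNonces = new Map();      // "token:nonce" -> time the entry may be dropped

// Server: called after the login check succeeds; returns token and signing secret.
function issueToken(user) {
  const token = crypto.randomBytes(32).toString('hex');
  const key = crypto.randomBytes(32).toString('hex');
  tokens.set(token, { user, key });
  return { token, key };
}

// HMAC over a JSON array, so field boundaries cannot be shifted between parts.
function mac(key, parts) {
  return crypto.createHmac('sha256', key).update(JSON.stringify(parts)).digest('hex');
}

// Client: add a random nonce and a timestamp, then sign the whole request.
function signRequest(cred, method, path, body, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  const ts = String(now);
  const sig = mac(cred.key, [method, path, body, nonce, ts]);
  return { token: cred.token, method, path, body, nonce, ts, sig };
}

// Server: check the signature, the freshness, and that the nonce is new.
function verifyRequest(req, now = Date.now()) {
  const entry = tokens.get(req.token);
  if (!entry) return { ok: false, reason: 'unknown token' };
  const expected = Buffer.from(mac(entry.key, [req.method, req.path, req.body, req.nonce, req.ts]));
  const given = Buffer.from(String(req.sig));
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  const ts = Number(req.ts);
  if (!Number.isFinite(ts) || Math.abs(now - ts) > MAX_SKEW_MS) {
    return { ok: false, reason: 'stale timestamp' };
  }
  for (const [k, exp] of seenNonces) if (exp < now) seenNonces.delete(k); // prune old entries
  const id = `${req.token}:${req.nonce}`;
  if (seenNonces.has(id)) return { ok: false, reason: 'replayed request' };
  seenNonces.set(id, now + 2 * MAX_SKEW_MS); // keep until the timestamp can no longer pass
  return { ok: true, user: entry.user };
}
```

On a real server the two maps would live in a shared store such as a database or cache, so that every API worker sees the same tokens and nonces.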