Menu
Wanted to discuss under-the-hood information about how session is managed in case of mobile apps - native, hybrid and web applications?
Please validate below Session Management scenarios:
Native (Android/iOS) application
Hybrid (JET, ionic, Angular, Cordova) application
Web-HTML5 apps
Thanks and Regards,
Rohit
687
Summary: Native and hybrid apps are installed in an app store, whereas web apps are mobile-optimized webpages that look like an app. Both hybrid and web apps render HTML web pages, but hybrid apps use app-embedded browsers to do that.
A native app is one that is built for a specific platform, such as iPhone or Android, using their code libraries and accessing their available hardware features (camera, GPS, etc). A web-based app, on the other hand, is one that is hosted on the web and accessed from a browser on the mobile device.
Hybrid apps are built using a combination of HTML5 and languages like Java. Native apps are developed to work on one operating system. Native apps are built using Java, Swift, Objective-C. Web apps are responsive but have decreased intuitiveness and are much slower when compared to native applications.
Session management refers to the process of securely handling multiple requests to a web-based application or service from a single user or entity. Websites and browsers use HTTP to communicate, and a session is a series of HTTP requests and transactions initiated by the same user.
How it works? When your user enter username and password in your login screen, you give him a session cookie. This cookie is maintained every interaction within your user browser and your web site. You need to maintain this cookie in your server side. In addition to this session cookie, web sites hold additional information about user in server side session too.
Inherently, it is not scale-able.
If your user numbers are not high, you can hold this session cookies and additional information in one web server. But if user numbers are high, you need to solve with this with different approaches, like holding this session information in a database or session server.
Modern browsers has a local storage capacity. This local storage is ideal for non-critical information for users. Session storage is one session only and when user closes browser (tab), it is deleted. Local storage is for one site, and you need to explicitly delete it or users may choose to delete it. Store any non-critical information here. If your users logs out from your site, delete them.
A Cordova application is no different from web browser. Here you are sure that your user is only user in this computer (mobile phone); therefore, use exclusively local storage.
Use sqlite to hold your all session information. Never use cookie authorization with native application, it is unnecessary and not scale-able. Use token authorization.
For all applications use your login screen to get authorization token, for example JWT token and store it in your application.
Read difference between cookie authorization vs token authorization here.
Do not store any confidential information (password, credit card ..) in any of these storage. Store them in your database, and show them to user case by case.
100
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
