How does the session management approach differ in mobile native vs hybrid vs web applications?

I wanted to discuss under-the-hood details of how a session is managed in the case of mobile apps: native, hybrid and web applications.

Please validate the session management scenarios below:

Native (Android/iOS) application

  1. Using Session Cookies: Session cookies are stored in your DefaultHttpClient object. Instead of creating a new DefaultHttpClient (AFNetworking in iOS) for every request, hold onto it and reuse it, and your session cookies will be maintained.

Hybrid (JET, ionic, Angular, Cordova) application

  1. Use localStorage to store the user info after a successful login. On logout clear the localStorage.

Web-HTML5 apps

  1. Attribute-SessionStorage in HTML5: Can be used by sites to add data to the session storage; it will be accessible to any page from the same site opened in that window (i.e. the session), and as soon as you close the window, the session is lost.

Thanks and Regards,

Rohit

Rohit asked Jul 20 '16 06:07




1 Answer

The old way of managing sessions is via cookies.

How does it work? When your user enters a username and password in your login screen, you give them a session cookie. This cookie is maintained for every interaction between your user's browser and your web site. You need to maintain this cookie on your server side. In addition to this session cookie, web sites hold additional information about the user in the server-side session too.

What is the problem with this approach?

Inherently, it is not scalable.

If your user numbers are not high, you can hold these session cookies and the additional information in one web server. But if user numbers are high, you need to solve this with different approaches, like holding this session information in a database or a session server.

What is the new way of storing sessions?

Modern browsers have a local storage capacity. This local storage is ideal for non-critical information about users. Session storage is for one session only, and when the user closes the browser (tab), it is deleted. Local storage is for one site, and you need to explicitly delete it, or users may choose to delete it. Store any non-critical information here. If your users log out from your site, delete them.

Hybrid (JET, ionic, Angular, Cordova) application

A Cordova application is no different from a web browser. Here you are sure that your user is the only user on this computer (mobile phone); therefore, use local storage exclusively.

Native (Android/iOS) application

Use SQLite to hold all your session information. Never use cookie authorization with a native application; it is unnecessary and not scalable. Use token authorization.

All applications

For all applications, use your login screen to get an authorization token, for example a JWT token, and store it in your application.

  1. web application - local storage
  2. hybrid mobile application - local storage
  3. native application - SQLite

Read about the difference between cookie authorization vs token authorization here.

Confidential Information

Do not store any confidential information (password, credit card, ...) in any of these storages. Store them in your database, and show them to the user case by case.

Atilla Ozgur answered Oct 10 '22 21:10