Menu
I am building an offline web app targeting iPhone and other mobile devices. Is there any way we can keep the user authentication saved using WebSql local storage?
So when you open the web app while it's offline, I want Either user to be logged in already or the user should be able to log in.
451
I don't know how to store or use client state data (keychain in iOS also in Android), but for web app perspective, you don't have to do anything. You don't have to do anything because if you can it is not secure. After login, server will set HTTP only cookie that live for some days or weeks. During these time, request with credentials to the server is always authenticated by the browser. You can request login email or whatever from the server. For additional security purpose server may request XSRF token. In that case save it in localStorage. Loosing this token means not much.
This is the safest ways and it is also used by mobile clients including internet banking through WebView. Using browser for authentication is safest and easiest because there is a lot of weak points such as credentials storage, checking correct ssl certificates, encryption, etc. With webview, everything is taken care of by the browser.
If you are interested how these server codes are, I had explanation with Appengine cross domain authentication server code.
193
If I understand the question correctly, this is how you could do it:
When logging in (online):
When logging in (offline):
This will, of course, require users to log in using the online version at least once before logging in locally. This is how for example Windows 8 does it when somebody tries to log in to their Microsoft account while disconnected.
34
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
