I am building an android application and I am curious for what is "best practice" when it comes to session management.
I set up my application to authenticate (to google-play-services). I would like to store a Session Id and have it expire when the user leaves the application. Is a cookie the best way to do this? Is there a better alternative? Any sample code would be very helpful.
Thanks, Craig
Generally, session id is saved in shared preferences, unless security is your concern; in which case, you should encrypt and save it and then decrypt it every time before hitting an endpoint.
Session id is maintained by server for each session i.e. session id remains same for a session. Successful login marks the beginning of a session and a successful logout marks the end of a session. Another way, a session can end is through timeout. The value of timeout depends on how critical the app is i.e. if its a banking app then the server will timeout a session within minutes, whereas an e-commerce app can have a longer timeout (Beyond scope: server caches session)
For e.g. when you log in, you receive a session id. Now, you can use this session id to make other requests. This session id expires when you log out or you timeout.
In your case, please check whether you are timing out or logging out. Remember, a server generates a unique session id for every session.
