-5

I have a web application and an Android application. If a user changes the password in the web application, the Android app has to log out automatically. How should I do this?

  • Your question is too general and asking for opinionated input. There are probably other SO related sites that can help you better. – not2qubit Jun 29 '18 at 07:55
  • Please accept the answer if it was helpful and you are doing it this way. :) – Dev Utkarsh Jun 29 '18 at 07:57
  • But my app has only login, no registration; the username and password will be given by an admin. On the website, if the user changes the password, the app has to log out automatically at that time. How should I do this? Should I check the password whenever the app hits any API, or is there another solution? – Manjunath Narasannavar Jun 29 '18 at 09:12

2 Answers

1

On your first login, generate a unique string and call it a session variable. Store this session variable on your server backend after the first successful login and save the same session variable in your Android local memory. Every time the user opens the application, send this session key to the server and validate it back to the client, though you should use this to validate every single request made to the server by the client. If the key matches, the session is validated and the app continues; otherwise, log out the client. This will also help in keeping only one device logged in.

Dev Utkarsh
  • 2
    I would recommend using something like: https://jwt.io/ instead of just a randomly generated string :) – Stephen Jun 29 '18 at 08:00
  • 1
    Can't deny you! Jwt tokens are more reliable. But don't want to push it hard on new developers with too many libraries. :p – Dev Utkarsh Jun 29 '18 at 08:03
  • No better time than the present – Stephen Jun 29 '18 at 08:06
  • But my app has only login, no registration; the username and password will be given by an admin. On the website, if the user changes the password, the app has to log out automatically at that time. How should I do this? Should I check the password whenever the app hits any API, or is there another solution? – Manjunath Narasannavar Jun 29 '18 at 09:10
  • Yes, you will have to validate the user every time before processing the request. Don't use the password, use sessions to validate. You can go through jwt.io for token and session handling. – Dev Utkarsh Jun 29 '18 at 09:12
  • I have a web application and an Android application. If a user changes the password in the web application, the Android app has to log out automatically. How should I do this? Will a session help for this? – Manjunath Narasannavar Jun 29 '18 at 09:27
0

The simplest way is using tokens with a short expiry time. Check JWT and use it with whatever backend language you are comfortable with. Then use a refresh token to get a new access token. When the password changes, invalidate both the access token and the refresh token, so that the next time the app requests a new token it will be forced to log in.

If you didn't understand what I have just written, check out OAuth2 with JWT, especially Authorization Code with PKCE.

Community
Stefano Mtangoo
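Both answers above come down to the same server-side rule: validate a token on every request and drop every token the user holds when the password changes. The sketch below is an added example, not code from either answerer; it uses opaque random tokens kept in memory instead of JWTs, and `AuthServer`, `ACCESS_TTL` and the method names are hypothetical.

```python
import hashlib
import secrets
import time

ACCESS_TTL = 300  # seconds; assumed short lifetime for access tokens


class AuthServer:
    """In-memory stand-in for the backend's user and token tables."""

    def __init__(self):
        self.passwords = {}  # username -> (salt, PBKDF2 hash)
        self.access = {}     # access token -> (username, expiry)
        self.refresh = {}    # refresh token -> username

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self.passwords[user] = (salt, self._hash(password, salt))
        # Password changed: drop every token issued to this user, on all devices.
        self.access = {t: v for t, v in self.access.items() if v[0] != user}
        self.refresh = {t: u for t, u in self.refresh.items() if u != user}

    def login(self, user, password, now=None):
        salt, stored = self.passwords.get(user, (b"", b""))
        if not stored or not secrets.compare_digest(stored, self._hash(password, salt)):
            return None
        return self._issue(user, now)

    def _issue(self, user, now=None):
        now = time.time() if now is None else now
        a, r = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[a] = (user, now + ACCESS_TTL)
        self.refresh[r] = user
        return a, r

    def authenticate(self, access_token, now=None):
        """Run on every API request; None means the app must refresh or log out."""
        now = time.time() if now is None else now
        user, expiry = self.access.get(access_token, (None, 0))
        return user if user and now < expiry else None

    def refresh_tokens(self, refresh_token, now=None):
        """Rotate the refresh token; None means the app must show the login screen."""
        user = self.refresh.pop(refresh_token, None)
        return self._issue(user, now) if user else None
```

On the Android side, a rejected request followed by a rejected refresh is the signal to clear the locally stored tokens and return to the login screen.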