From the course: Writing Secure Code for Android by Infosec

Session management, part 2

- Session management part two. Let's take a look at a client server session. We know that your client app will get a token from the server. That token information can be stored in shared preferences. When the user connects to some website, they'll put in their credentials, the server will authenticate it, and it'll give you back a response, which includes an access token, a refresh token, and the time when the token will expire, usually in seconds. To maintain the session, you're going to want to store the token in shared preferences. In this way, your app can go and ask for a refresh. We keep track of the actual expiration time, so when we get the token and we get the expiration time, we're going to calculate the user login time plus the expiration time. This is when, or the token expiration time, this is when the user has got to refresh. When the user comes back to the application, you'll check, has the token expired or not? Compare the return time to the expiration time. If the…
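
The expiry bookkeeping described in the transcript above, as an added example that is not code from the course: it stores the access token, refresh token and a computed expiration time in shared preferences, then checks on return whether a refresh is due. The class name, preference keys, method names and the 30-second early-refresh margin are assumptions made for illustration.

```java
import android.content.SharedPreferences;
import java.util.concurrent.TimeUnit;

/** Added illustration; class, key and method names are hypothetical. */
public final class TokenSession {
    private static final String KEY_ACCESS = "access_token";
    private static final String KEY_REFRESH = "refresh_token";
    private static final String KEY_EXPIRES_AT = "expires_at_ms";
    // Assumed margin: refresh slightly early so a token does not expire in flight.
    private static final long SKEW_MS = TimeUnit.SECONDS.toMillis(30);

    private final SharedPreferences prefs;

    public TokenSession(SharedPreferences prefs) {
        // The caller supplies an app-private preferences instance.
        this.prefs = prefs;
    }

    /** Called with the fields of the login or refresh response. */
    public void save(String accessToken, String refreshToken, long expiresInSeconds) {
        if (expiresInSeconds <= 0) {
            throw new IllegalArgumentException("expires_in must be positive");
        }
        // Expiration time = time of login (now) + lifetime returned by the server.
        long expiresAtMs = System.currentTimeMillis()
                + TimeUnit.SECONDS.toMillis(expiresInSeconds);
        prefs.edit()
                .putString(KEY_ACCESS, accessToken)
                .putString(KEY_REFRESH, refreshToken)
                .putLong(KEY_EXPIRES_AT, expiresAtMs)
                .apply();
    }

    /** True when the user returns at or after the expiration time, minus the margin. */
    public boolean needsRefresh() {
        // A missing value reads as 0, which counts as expired (fail closed).
        long expiresAtMs = prefs.getLong(KEY_EXPIRES_AT, 0L);
        return System.currentTimeMillis() >= expiresAtMs - SKEW_MS;
    }

    public String refreshToken() { return prefs.getString(KEY_REFRESH, null); }

    /** Returns the access token only while it is still valid, otherwise null. */
    public String accessTokenIfValid() {
        return needsRefresh() ? null : prefs.getString(KEY_ACCESS, null);
    }

    /** Logout or failed refresh: remove every stored session value. */
    public void clear() {
        prefs.edit().remove(KEY_ACCESS).remove(KEY_REFRESH).remove(KEY_EXPIRES_AT).apply();
    }
}
```

The expiration time is derived from the device's wall clock, so the server must still reject an expired token even if the local check passes.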