What's the best way to keep ios app signed in?

Question

I'm working on a ios app need to communicate with server. When user first time launch the app, he's prompted to input his username and password. Once he's authenticated, i want to keep him signed in until he signed out explicitly.

after digging in Apple documents for several hours, I can point out two methods to implement the idea: <1> use http basic/digest authentication. Once user is authenticated, i save username and password in keychain. Whenever the server requires authentication, by implementing connection:didReceiveAuthenticationChallenge: function, app can load username and password, and construct legal NSURLCredential. Certainly it will work, but every request must authenticate one time and transfer user secret frequently.

<2> use http cookie Once user is authenticated, the server response with a unique token in cookie. Depend on the feature The URL loading system automatically sends any stored cookies appropriate for an NSURLRequest. I'm not sure whether the cookie will be lost when user kill the app.

Do you think the two methods is ok? which one is better? Is there any other methods to do the same thing?

I notice many clients(twitter/facebook/...) keep user signed in, what method they use? Thanks;

BTW, I have saved username and password in keychain, but to keep signed in, I think there is more work to do.

Save your user name and password in device keychain. see this http://stackoverflow.com/questions/6972092/ios-how-to-store-username-password-within-an-app — Tirth, Apr 16 '13 at 09:50
I have saved username and password in keychain, but to keep signed in, there is more work to do. — xjdrew, Apr 16 '13 at 09:58

Mani · Answer 1 · 2013-04-16T10:06:42.290

0

I don't about cookie storage. But when you add user name and password to keychain, You have to clean up keychain when app get uninstalled. Otherwise it may keep in keychain, evenafter your app get uninstalled. Because keychain have key pair storage, but not app based storage. You can use NSUserDefault to store login details. I think it's a better way to do this..

edited Apr 16 '13 at 10:06

answered Apr 16 '13 at 09:53

Mani

17,549
13
79
100

score 0 · Answer 2 · answered Apr 16 '13 at 09:59

0

Try this one for keychain :

KeyChain sample code

you can also use NSUserDefault

answered Apr 16 '13 at 09:59

SAMIR RATHOD

3,512
1
20
45

1

nope nsuserdefaults is not a secure way ,keychain is for it .Use keychain – Lithu T.V Apr 16 '13 at 10:08

score 0 · Answer 3 · answered Apr 17 '13 at 05:45

try this one and save your authentication username password in NSUserDefaults. It's provide globally in application.

For Save your data try this

NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
[defaults setObject:isValid forKey:@"Username"];
[defaults setObject:accessLevel forKey:@"Password"];

And for get data try this one

NSUserDefaults *defaultsCheck = [NSUserDefaults standardUserDefaults];
NSString  * userIDCheck = [defaultsCheck objectForKey:@"Username"];
NSString *accessLevelCheck = [defaultsCheck objectForKey:@"Password"];

Not a good idea to use NSUserDefaults for Username/Passwords. Instead you should use Keychain that it is secure and will remain for your app even if you remove your app and install it again. Take a look at documentation for the use of keychain. — Maziyar, May 28 '14 at 10:26

What's the best way to keep ios app signed in?

3 Answers3