2

I am developing an app for my website using Intel XDK and a Cordova plugin. How can I develop a login with a basic "Remember me" feature? Is it possible to use a cookie, or is there any secure way to do it? Currently I am able to log in using an AJAX request to the server (PHP), but how do I include this feature? Any ideas?

Added my login function

    if ($.trim(email).length > 0 && $.trim(password).length > 0) {
        $.ajax({
            type: "POST",
            url: "http://www.example.com/app/login.php",
            crossDomain: true,
            dataType: 'json',
            data: $.trim(frm.serialize()),
            beforeSend: function () {
                // show the loading indicator while the request is in flight
                $('#loader').css({ display: "block" });
            },
            success: function (data, status, XHR) {
                handleData(data); // handle the server's response
            },
            error: function (httpReq, status, exception) {
                alert("Network error: " + status + " " + exception);
                $('#loader').css({ display: "none" });
            }
        });
    }

Then the handle data code is here:

    function handleData(responseData) {
        var access = responseData;

        if (access == "good") { // server responded: good username/password
            alert("Welcome");
            $('#loader').css({ display: "none" });
        } else {
            alert("Your username and password didn't match.");

            // clear the password field and hide the loading indicator
            $('#input_password').val('');
            $('#loader').css({ display: "none" });
        }
        console.log(responseData);
    }

The server only responds "good" for the right username/password, and "bad" for a wrong credential login.

c.k
  • Try storing login info in the app when the 'remember me' option is selected and make use of it for subsequent logins. In fact, there is a plugin to store secured info in a Cordova app. Check this out - https://github.com/Crypho/cordova-plugin-secure-storage – Gandhi May 31 '16 at 03:16
  • Hi @Gandhi, Does it work on windows phone? – c.k May 31 '16 at 03:32
  • As far as this plugin is concerned, it works only in iOS and Android. But you can extend the logic to windows by storing the sensitive info in local storage and encrypting the same using RSA algorithms which can be decrypted only by your server. This is the approach we are using for storing some sensitive info in app. Hope it helps. – Gandhi May 31 '16 at 03:35
  • @Gandhi a favor as well, could you give me some idea on how can I integrate that to my login code? – c.k May 31 '16 at 03:40
  • The integration part heavily relies on your existing login logic. To give an overview, you can probably store your credentials in local storage (encrypted) on first login with the 'remember me' option and then make use of the stored credentials for subsequent logic. – Gandhi May 31 '16 at 03:43
  • @Gandhi Thank you for your help. You give me additional ideas. Could you please look up my login code. And give me feedback on how to implement it? I hope you got the logic on my code. – c.k May 31 '16 at 03:59
  • The code looks straightforward. All you gotta do is decrypt password using RSA 1024 bit algorithm with a public key and store the same in local storage if the login callback is success. Then for subsequent login, check if the value is available in local storage; if yes, make use of the same while making the login AJAX call. On the server side, you gotta use a private key to decrypt the password. This private key should be kept confidential on the server side. – Gandhi May 31 '16 at 04:05
  • Thank you! I will look for 'RSA 1024 bit algorithm' then go for that logic. Hope it goes well. If not I will try another. – c.k May 31 '16 at 04:11
  • Should go fine. Good luck. Keep me posted. – Gandhi May 31 '16 at 06:02
  • Just my suggestion: RSA 1024 bit is not so secure, one can decrypt it in one year with one $ million (Wikipedia - RSA). Better use RSA 2048 bit. – Zappescu May 31 '16 at 07:14
  • Thanks @Zappescu already on my list. – c.k May 31 '16 at 08:04
  • @Gandhi, what do you think about "localStorage"? https://www.w3.org/TR/webstorage/#the-localstorage-attribute – c.k May 31 '16 at 08:07
  • LocalStorage is a great minimal db, all data are saved as strings, but as plain text so you don't have privacy on data stored into the device. If you want to be sure on those data (i.e. password or something similar), you should save them as crypted data into the localstorage, as suggested before by @Gandhi – Zappescu May 31 '16 at 09:02
  • @c.k I was suggesting you localStorage. Also, as Zappescu stated, you can go for 2048 bit too to be more secured – Gandhi May 31 '16 at 09:08
  • @Gandhi Do you have any reference on how to properly encrypt a password or email using RSA 2048? – c.k Jun 08 '16 at 00:58
  • @c.k I would suggest to check this post - http://stackoverflow.com/questions/18952492/encrypt-a-small-string-with-rsa-in-javascript-then-decrypt-in-java-on-server – Gandhi Jun 08 '16 at 07:38
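
The flow described in the comments above (encrypt the password with the server's public key, keep only the ciphertext in local storage, decrypt on the server with the private key), as an added example that is not part of the original thread. Both sides are simulated in Node.js: Node's `crypto` module stands in for a client-side RSA library and a `Map` for `localStorage`; `encryptPassword`, `serverLogin`, `login`, `autoLogin` and the sample account are hypothetical names and constructed values.

```javascript
const crypto = require('node:crypto');

// Server key pair, generated here for the demo; only publicKey ships in the app.
const { publicKey, privateKey } =
  crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

const storage = new Map(); // stand-in for window.localStorage (assumption)
// Constructed account; a real server checks a password hash, not plaintext.
const USERS = new Map([['user@example.com', 'correct horse']]);

// Client: encrypt the password with the server's public key.
function encryptPassword(password) {
  const plain = Buffer.from(password, 'utf8');
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, plain).toString('base64');
}

// Server: decrypt with the private key, answer "good" or "bad" as on the page.
function serverLogin(email, blob) {
  let password;
  try {
    const raw = Buffer.from(blob, 'base64');
    password = crypto.privateDecrypt({ key: privateKey, ...OAEP }, raw).toString('utf8');
  } catch (err) {
    return 'bad'; // malformed or tampered ciphertext
  }
  if (!USERS.has(email)) return 'bad';
  const digest = (s) => crypto.createHash('sha256').update(s).digest();
  return crypto.timingSafeEqual(digest(password), digest(USERS.get(email))) ? 'good' : 'bad';
}

// Client, first login: keep the ciphertext only after the server accepted it.
function login(email, password, remember) {
  const blob = encryptPassword(password);
  const result = serverLogin(email, blob);
  if (result === 'good' && remember) storage.set('remember', JSON.stringify({ email, blob }));
  return result;
}

// Client, later app start: reuse the stored ciphertext if there is one.
function autoLogin() {
  const saved = storage.get('remember');
  if (!saved) return 'none';
  const { email, blob } = JSON.parse(saved);
  const result = serverLogin(email, blob);
  if (result !== 'good') storage.delete('remember'); // e.g. password was changed
  return result;
}
```

The server accepts the stored blob on its own, so on the device it is equivalent to the password and needs the same protection.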

1 Answer

0

You can use WebSQL to store the login credentials / data (hopefully encrypted with a key strength of 2048 bits), and you can use it for other modules of the application where you need to store data (unencrypted) for specific scenarios like offline use, caching, on app storage only.

WebSQL provides an API for storing data in a structured database that can be queried using a standard SQL syntax (specifically, SQLite). As such, it provides all the power (and complexity) of SQL.

It is supported by the underlying WebView on the following Cordova platforms:

Android, BlackBerry 10 and iOS

https://cordova.apache.org/docs/en/latest/cordova/storage/storage.html

The entry point into creating or opening a database is the window.openDatabase() method:

    var db = window.openDatabase(name, version, displayName, estimatedSize);