
I have created a rest API which is handling a session. I want to validate that session through android.

MY ANDROID CODE FOR ACCESS API

        URL url = new URL("xxx.xxx.x.x./dir/file_name.php");
        HttpURLConnection connection = (HttpURLConnection) url.openConnection();
        connection.setRequestMethod("POST");
        // A request body can only be written once output is enabled on the connection.
        connection.setDoOutput(true);
        DataOutputStream streamWriter = new DataOutputStream(connection.getOutputStream());
        streamWriter.write(parameters.getBytes());
        streamWriter.flush();
        streamWriter.close();

        // Read the whole response body into a single string.
        InputStreamReader streamReader = new InputStreamReader(connection.getInputStream());
        BufferedReader br = new BufferedReader(streamReader);
        String line;
        StringBuilder sb = new StringBuilder();

        while ((line = br.readLine()) != null) {
            sb.append(line);
        }
        br.close();
        webResult = sb.toString();
        return webResult;

MY PHP side code for checking that Session (it is perfectly working in browser)

    // start PHP tag here

    $sessionID = "something ";

    session_start();

    if (!isset($_SESSION['Id']) || $sessionID != $_SESSION['Id']) {
        echo "Invalid session";
        die();
    } else {
        echo "Session is active.";
    }

    // close PHP tag here

jmarkmurphy

1 Answer

I am not sure you can use sessions with Android. The idea of a session is that you use the cookies of the browser to store a session ID, and I think Android Apps don't allow cookies.

However, what you can do is something similar:

1. You generate a random string in PHP

You can use this function to generate the random string.

2. Store it somewhere in your database with an expiration time

Basically, if you want a session to last for 1 hour, you store an expiration time equal to now + 1 hour.

3. Send it to the App and store it somewhere in the app

So now, you have a random string which is the session ID. It is stored on the App side, and on the server side.

Now anytime you want to store a session variable, you retrieve the session ID (you send it from the app, then check if it exists on the server side). Then you store the variable in your database with the following attributes: Session_id, var_name, var_value.

Then, when you want to retrieve a session variable, you can do it through the session_id and var_name.

Then, basically, if the session_id has expired (current date > expiration date), you remove all the variables with this session id, and generate a new empty one.

Hope this helps :-)

4br3mm0rd
  • Actually, I am looking for API security so that only an authorized user can access it. Do you have any other solution for API security? And thank you for the above help – Shivam Kumar Feb 25 '17 at 05:21
  • First thing you can do isn't use exactly this solution and generate a session id only if the user is authenticated (and remove the session when the user logs out). If you want an existing solution, maybe try OAuth – 4br3mm0rd Feb 26 '17 at 11:59
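
The token scheme from the answer and its follow-up comment (random ID, stored with an expiration time, issued after login, removed on logout), sketched in PHP as an added example that is not code from the original post. The table `api_sessions`, the function names and the in-memory SQLite store are assumptions made for illustration; only a hash of the token is stored server-side.

```php
<?php
// Added example: schema, names and sample values are constructed, not from the post.
declare(strict_types=1);

const SESSION_TTL = 3600; // one hour, as in step 2 of the answer

function open_store(): PDO {
    // In-memory SQLite keeps the example self-contained; use the real database.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE api_sessions (
        token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');
    return $db;
}

// Call only after the user's credentials have been verified.
function issue_token(PDO $db, int $userId, int $now): string {
    $token = bin2hex(random_bytes(32));            // 256 bits from the CSPRNG
    $stmt = $db->prepare('INSERT INTO api_sessions VALUES (?, ?, ?)');
    // Store only a hash, so a leaked table does not yield usable tokens.
    $stmt->execute([hash('sha256', $token), $userId, $now + SESSION_TTL]);
    return $token;                                 // sent once to the app over HTTPS
}

// Returns the user id for a live token, or null if it is unknown or expired.
function validate_token(PDO $db, string $token, int $now): ?int {
    // Purge expired rows first, so an expired token can never match.
    $db->prepare('DELETE FROM api_sessions WHERE expires_at <= ?')->execute([$now]);
    $stmt = $db->prepare('SELECT user_id FROM api_sessions WHERE token_hash = ?');
    $stmt->execute([hash('sha256', $token)]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}

// Logout: remove the session so the token stops working immediately.
function revoke_token(PDO $db, string $token): void {
    $db->prepare('DELETE FROM api_sessions WHERE token_hash = ?')
       ->execute([hash('sha256', $token)]);
}

$db = open_store();
$now = time();
$token = issue_token($db, 42, $now);                         // 42: constructed user id
var_dump(validate_token($db, $token, $now + 60));            // token still within its TTL
var_dump(validate_token($db, str_repeat('0', 64), $now));    // token that was never issued
var_dump(validate_token($db, $token, $now + SESSION_TTL));   // same token at its expiry time
```

The app would send the token back with every request, for example in an `Authorization` header, and the API would call `validate_token` before doing any work.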