I am making an app with local HTML files inside the assets folder in Android Studio. When opened, it first opens the index.html file as specified. As it is a routine application, I was wondering if I could add "Remember this" functionality, such that when the user loads the application, they are automatically redirected to the same page they have checked, and also provide a Reset in case they want to reset their choice in the future.

Any help would be greatly appreciated.

  • Yes, you can add this functionality, but it's better for you and for anyone who wants to help to post your code. Thanks – Fotis Grigorakis Jul 26 '17 at 11:38
  • Thanks Fotis, but I have a total of 5 pages with a routine of 5 sections. They are just simply structured HTML files with href links to the other pages. – Sagar Rawal Jul 26 '17 at 11:42

1 Answer

Improved Persistent Login Cookie Best Practice

You could use this strategy described here as best practice (2006) or an updated strategy described here (2015):

  1. When the user successfully logs in with Remember Me checked, a login cookie is issued in addition to the standard session management cookie.
  2. The login cookie contains a series identifier and a token. The series and token are unguessable random numbers from a suitably large space. Both are stored together in a database table, the token is hashed (sha256 is fine).
  3. When a non-logged-in user visits the site and presents a login cookie, the series identifier is looked up in the database.
    1. If the series identifier is present and the hash of the token matches the hash for that series identifier, the user is considered authenticated. A new token is generated, a new hash for the token is stored over the old record, and a new login cookie is issued to the user (it's okay to re-use the series identifier).
    2. If the series is present but the token does not match, a theft is assumed. The user receives a strongly worded warning and all of the user's remembered sessions are deleted.
    3. If the username and series are not present, the login cookie is ignored.

This approach provides defense-in-depth. If someone manages to leak the database table, it does not give an attacker an open door for impersonating users.

Fotis Grigorakis
  • Thank you Fotis for your detailed explanation. Can I achieve this functionality from local files (not hosted on some server), as this is an offline application and every page I have is inside the resource folder from where the user gets access to the HTML files? – Sagar Rawal Jul 26 '17 at 12:04
  • It depends on your browser. Chrome, e.g., doesn't allow cookies for local files. See https://stackoverflow.com/questions/8602833/where-cookie-saved-for-local-html-file for information. (If my answer helped you, please give an upvote and accept it.) – Fotis Grigorakis Jul 26 '17 at 12:10
  • @FotisGrigorakis thank you for this, useful article and your synopsis is very clear. – YvesLeBorg Jul 26 '17 at 13:14
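
The series/token scheme from the answer above, written out as an added Python example (not part of the original answer or of the articles it refers to). It assumes an in-memory dict standing in for the database table and a `series:token` cookie value; the function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Stand-in for the database table (assumption): series -> (user, sha256(token)).
REMEMBERED = {}

def _hash(token):
    return hashlib.sha256(token.encode()).hexdigest()

def issue_login_cookie(user, series=None):
    """Steps 1-2: issue a series/token pair; only the token's hash is stored."""
    series = series or secrets.token_urlsafe(16)
    token = secrets.token_urlsafe(32)
    REMEMBERED[series] = (user, _hash(token))
    return f"{series}:{token}"

def check_login_cookie(cookie):
    """Step 3: return (status, user, replacement_cookie)."""
    series, sep, token = cookie.partition(":")
    record = REMEMBERED.get(series)
    if not sep or record is None:
        # 3.3: unknown series, so the cookie is ignored.
        return ("ignored", None, None)
    user, stored_hash = record
    # Constant-time comparison of the presented token's hash with the stored one.
    if hmac.compare_digest(_hash(token), stored_hash):
        # 3.1: authenticated; overwrite the record with a fresh token, same series.
        return ("authenticated", user, issue_login_cookie(user, series))
    # 3.2: known series but wrong token: assume theft and delete every
    # remembered session belonging to this user.
    for s in [s for s, (u, _) in REMEMBERED.items() if u == user]:
        del REMEMBERED[s]
    return ("theft_assumed", user, None)

if __name__ == "__main__":
    first = issue_login_cookie("alice")            # constructed sample user
    print(check_login_cookie(first)[0])            # token is rotated here
    print(check_login_cookie(first)[0])            # old cookie presented again
```

Because each successful check replaces the stored hash, presenting the previous cookie a second time falls into the mismatch branch and clears the user's remembered sessions.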