I want to keep the user logged in in an Android app (I used Java, not Kotlin).
The problem is: in my PHP code, at each user-specific operation (like getting the user profile, user messages, editing, ...), I check for the user's session id, and this id is saved in Android's SQLite at login. But this session doesn't remain on the server; it gets deleted after 2 hours (if not used). It also doesn't return a unique id: when a session gets deleted, the next user who logs in gets the same id returned to him, so after two hours the first user will be logged in as a different user XD.
So what should I do? Do I instead save the username and password and log in at each check, or...?
Part of the login check:
PHP code to check that the user is logged in:
    session_id($_POST['conKey']);
    session_start();
    //1- connect and check if connection key is correct
    if (Model::connect() == false) {
        throw new Exception('error, could not connect to the database');
    } else if (!isset($_SESSION['conKey'])) {
        throw new Exception('no connection found');
    } else if ($_SESSION['conKey'] != $_POST['conKey']) {
        throw new Exception('no connection found');
    }
This is how I return the session id in PHP when logged in:
    session_start();
    $conKey = session_id();
    if (empty($conKey)) {
        throw new Exception('Failed to start session, please make sure your app is allowed to store sessions');
    }
    $_SESSION['conKey'] = $conKey;
    echo json_encode(['connectionKey' => $conKey]);
Java code part where I send conKey (the session id saved at login) from SQLite:
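
An added example, not part of the original post: a common alternative to reusing the PHP session id as a long-lived login key is a random token issued at login and stored (hashed) in a database table with its own expiry, which the app would send where it currently sends `conKey`. The table name `auth_tokens`, the function names and the 30-day lifetime are assumptions for illustration.

```php
<?php
// Added example, not the poster's code. Table and function names are hypothetical.
// The token lives in the database, so PHP's 2-hour session cleanup does not affect it,
// and the server never adopts an id chosen by the client.

function issueToken(PDO $db, int $userId, int $ttl = 2592000): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, new for every login
    $stmt = $db->prepare(
        'INSERT INTO auth_tokens (token_hash, user_id, expires_at) VALUES (?, ?, ?)'
    );
    // Only the hash is stored, so a leaked table does not contain usable tokens.
    $stmt->execute([hash('sha256', $token), $userId, time() + $ttl]);
    return $token; // returned once to the app, which keeps it in its local storage
}

function userForToken(PDO $db, string $token): ?int
{
    $stmt = $db->prepare(
        'SELECT user_id FROM auth_tokens WHERE token_hash = ? AND expires_at > ?'
    );
    $stmt->execute([hash('sha256', $token), time()]);
    $userId = $stmt->fetchColumn(); // false when no unexpired row matches
    return $userId === false ? null : (int) $userId;
}

function revokeToken(PDO $db, string $token): void
{
    // Called on logout; the token stops working immediately.
    $db->prepare('DELETE FROM auth_tokens WHERE token_hash = ?')
       ->execute([hash('sha256', $token)]);
}

// Constructed demo using an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth_tokens (
    token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');

$first  = issueToken($db, 1);
$second = issueToken($db, 2);
var_dump(userForToken($db, $first));          // resolves to user 1 only
var_dump(userForToken($db, $second));         // resolves to user 2 only
var_dump(userForToken($db, 'guessed-value')); // unknown token: no user
revokeToken($db, $first);
var_dump(userForToken($db, $first));          // revoked token: no user
```

Each request handler would call `userForToken()` with the value the app sends and reject the request when it returns `null`.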