I'm building an app that checks as site every 15 minutes for changes. I can do this fine in the app, when it's open. But how do I go about doing this while the app is in the background?
The trouble is I don't think I can use the Push Notification Service. The page on the site which is being checked, requires the user to be logged into the site. Because there is a cookie jar for each app, the user logs into the site through a UIWebView at the beginning and then once logged in, the site is polled every 15 minutes using NSURLConnection and receives the data for the logged in user because of the cookies created at login in the webview. I don't believe there is a way to do this on a server for many different users? And if there was wouldn't the user's site username and password have to be stored on my push server which is a huge no.
So can I use task completion, or is it possible to access a page that only appears correct when the correct cookies are present from a server and then use push notification.
Unfortunately there is no way to get the cookie from a UIWebview. And task background completion can only run for 10 minutes.
I'm not sure what kind of website you are trying to access, but if you can replicate the login using a NSURLConnection you can retrieve the cookie using NSHTTPCookie. Then store the cookie data on your server and then access the web site from the server with the "Set-Cookie" header to check the content for changes.
This, of course, depends on how long the cookie lasts (expires).
Related
I am building an iOS app with a web component. The web component will simply be a website that will allow users without accounts to perform a basic action like sending text to another user. I am using firebase as my backend so for the web component I'm anonymously authenticating the visitor. Once the user completes the action, I log their action in a database (hence the need for authentication) and give them the option of downloading the app, where they will make an account. My plan is to then convert their anonymous account into a permanent account on firebase.
The problem lies in the following:
I want to somehow "know" the user's authUID/web session once they leave the site and download the app in order to either a) pass their anonymous session and convert it to a permanent account once the user completes the sign up (email, password), or b) have their authUID so I can match them to their anonymous session and transfer their logs to the account they create upon sign up.
I feel like I'm overcomplicating this; the premise is: web visitor does something, downloads the app, i match the app user to the web visitor to sync their data.
I have tried using cookies but from what I've read, it is not possible to view cookies in safari since iOS 11. Is there any other way to transfer information between safari and an app?
I am working on my first app so I am not so experienced with this stuff yet. I have figured out how to send a POST request url to a php page and process the php to register a new user in the mySQL database or log in to the app by connecting to the database to see if the user exists.
First off, does that seem correct? To just send the request to register a user with text field variables and to log in by checking if the text field information exists in the database or should I be implementing some other ways to do this?
Second, What should I be doing once the user enters in his credentials in order to tell the app that the user is logged in so that if the app closes down and the user goes back to the app, it will automatically log the user back in.
That being said, the way this app is going to work (as of now) is the user will log into the app, and the log in view will go to a different view but then the user can log out and it will go back to the log in view. Once I can tell the app that the user is logged in, I should be able to tell the app that the user isn't logged in anymore.
How you implement your database security is up to you. I would recommend you route your authorization/updates/gets/posts to an API so you don't need a PHP "middle man" (unless the PHP is your API) and you can send requests directly to the API layer and handle the rest on the server.
As for the plain text part, it is a common security practice to encrypt passwords on the database. On the client side, I'd suggest using the Apple Keychain to store the username/password for future use. In iOS, this can be easily implemented using this Keychain Wrapper if you're using ARC or this one if you aren't.
I'm building an iPhone app that, in part, allows the user to log in to, pull data, and post data back to a Wordpress site (more specifically, Buddypress). One way I'm considering approaching this problem is to use a series of UIWebViews to display the mobile-themed version of the site.
Ideally, I want the user to be able to, upon first-launch of the app, input their username and password, and then never have to do it again (functionally similar to tons of other social apps out there, like Facebook, Twitter, etc.)
Here's my question - obviously it is easy to store the user's login credentials, but how do I, in the background, establish an authenticated and persistant session with those credentials each time the app opens, so for the user, they are never presented with a login screen again, and can just use the app like normal?
Does anybody have any suggestions?
WordPress uses XMLRPC to authenticate. You can, on top of the API given, write your own codes to store credentials. Persistent session can then be made.
Read this FAQ : XML-RPC Support for WordPress
Right now I am developing a Web-based Application, where the User has to login first.
When I open the Page by iPhone Safari, login and restart Safari, I am still logged in (Cookie & Session ID still set).
But when I add this Page with "Add to Home Screen", each Time i click the Icon for that page, I have to login again.
I did not find any information about that. What can I do so my users can set this page to their home screen
as icon and still don't have to login each time they open it?
A really simple approach could be to use a unique token in your Bookmark-URL which can serve you as a unique device identifier.
Example:
http://myWebApp.com/?token=randomId29238/1
The token can be generated at the server side at opening time of the application in Mobile Safari and before the user is prompted with the "Add to Home Screen" information.
The token can then be added to the URL using a quick redirect (…&token=randomToken) or a location hash (…#randomToken).
Whenever the Bookmark is now opened from the Home Screen, the token is sent to your server and you can identify the user's active session.
You may also use the token as a permanent session id, but I advise against that because of security concerns.
To allow future logout and login procedures, you can always assign the new sessions to the token.
The token will serve you as a unique device identifier whenever the user will re-open your link from his Home Screen.
There is an easier and, imo, more elegant solution than favo's.
At least under iOS 4.2.1, 5.1.1, 6.0 and 6.1 (I couldn't test other versions), if you extend the lifetime of your session cookie manually, Safari will hold on to the session cookie and even allow sharing of the session between the 'home screen installed' version of your web app and normal visits through Safari itself.
The trick is to do this:
// Start or resume session
session_start();
// Extend cookie life time by an amount of your liking
$cookieLifetime = 365 * 24 * 60 * 60; // A year in seconds
setcookie(session_name(),session_id(),time()+$cookieLifetime);
For a more elaborate discussion of this strategy you can take a look at my answer of this question:
Maintain PHP Session in web app on iPhone
I am going to expand a little further on Waldo Baggins' answer.
When I ran into this, I discovered the reason this was happening is that session cookies set on the server usually do not have an expiration value set. The default behavior in this case is for the browser to discard the cookie when the browser is closed / re-opened. Since the browser does not resend the cookie on re-opening, the server has no way of identifying the session, even if it hasn't expired on the server yet, and thus, your user is redirected back to the login page.
When the user is using your site in web app mode (icon added to home screen), iOS treats navigating to / from the app the same way a desktop computer would treat closing and reopening the browser, and loses the session when reopened.
So following Wilbo's suggestion and setting an expiration time for the cookie, iOS checks if the cookie has expired when the user navigates back to your app, and if it hasn't, re-sends the cookie, thus maintaining the session. The value of 1 year in Wilbo's answer is ridiculously long, you would typically want to set this to something like 8 or 24 hours, and ideally sync it with the session expiry timeout value you have set on the server.
Note that as a side effect, when your site is accessed from a desktop browser, and the user closes and re-opens the browser, the session would continue to persist and the user will still be logged in, which wouldn't have been the case previously (unless they were browsing privately). Your "Logout" feature would have to properly handle expiring this cookie.
For a Java webapp using web.xml version 3.0 or higher, the easiest way to do this is to modify <session-config> as follows:
<session-config>
<session-timeout>600</session-timeout> <!-- In minutes -->
<cookie-config>
<http-only>true</http-only>
<secure>true</secure>
<max-age>36000</max-age> <!-- In seconds -->
</cookie-config>
</session-config>
There are persistent key-value storage and database storage available for web apps. You can save your authentication data using localStorage object and use XMLHttpRequest to send it to the server.
Another option is saving your persistent data in a SQLite database, however this doesn’t seem to be a proper solution in your case.
Check out Apple’s Client-Side Storage and Offline Applications Programming Guide for details/examples.
I am Making an Iphone application which is web-service enabled. Also I have skeleton of this application.I am using rest to feed the contents of view controllers. When application is launched it is presented with Login page asking username and password. Clicking Login button sends request to server and in response xml data is fetched. Then I parse this data to get user logged. But i dont know how will i manage sessions,and how clicking logout button will end this session. This application is most-like RSSFeeder,means user gets real-time data.
Any help would be greatly appreciated.Thank You All.
As it seems obvious you are using REST connection,you need not take session in consideration.
just feed your username and password and other stuff in the URLRequest and make connections.
You can also use Setting perferences in settings.Bundle to autofeed your URLRequest.