I am developing a Django-based web application with a client Android app. On the web side, authentication is done with the help of a session ID stored in cookies (the default Django implementation). But I am not able to figure out how to authenticate the user in the Android client. The available options are to go with the same session/cookies or tokens. Tokens can be OAuth or just simple tokens. The points that I am not able to understand are these:
- What's the problem with session authentication? Does no one use it for their mobile apps?
- What are the advantages of using Tokens over the session thing?
- If tokens, then should I be using something like OAuth or just a simple token, as I am not planning to allow any third party to use the APIs?
- Should I also include the device ID for authentication?
Please try to give an answer with an explanation and, if possible, examples of what the best practices are and who is using what. I would also like to know what authentication mechanism most companies like Facebook, Twitter, Dropbox, Google, etc. are using for their Android apps (not third-party clients).
Source: https://stackoverflow.com/questions/16816815/authentication-in-android