How to manage session for a user logged in from mobile app in PHP?

Question

I\'m a PHP programmer by profession. So, I don\'t have any idea about iOS and Android coding.

The scenario is there is one website developed using a

Answer 1

Unlike web browsers, iOS and android apps cannot maintain sessions. Usually, once a user has logged in (login credentials verified from server), its login credentials are saved on client side. Then the app gets data from server using session less REST api calls. This is how mostly it is done in mobile applications.

However, if you want the server session and mobile app go hand in hand (which i don't think is a good idea), the way is

1) When the user logs in, a security token is generated on the server side and saved on both server and client side.

2) The mobile app will be able to communicate with the server as long as the security token is valid.

3) When the session expires, the security token becomes invalid. Now there must be an understanding between server and client about the response when the session is expired. Now the mobile app must redirect the user to login page again. The user will login again and then communicate with the server. This should happen every time the session is expired.