Re: Persistent login (e.g. users logs in for two weeks)
Mo,
You might want to clarify specifically what your situation is. The answer varies accordingly.
Specifically:
If you have a desktop app (old-style Alpha constructions) then I can't speak to it as I'm only
in the browser/mobile space. I would imagine you could simply set your security considerations
to allow continuous login for a specified period (as you can with mobile/browser).
If you are using security managed by a webserver (true for both browser-based and mobile-based apps)
then you can do this:
The challenge
The ultimate solution
Whether we have useful code or techniques to share depends on whether you are using A5W pages, UX components accessed from a browser, or UX components in a PhoneGap app.
Mo,
You might want to clarify specifically what your situation is. The answer varies accordingly.
Specifically:
- Only desktop users?
- Only browser users?
- Only mobile users via PhoneGap-wrapped apps?
- Some combination of the above?
If you have a desktop app (old-style Alpha constructions) then I can't speak to it as I'm only
in the browser/mobile space. I would imagine you could simply set your security considerations
to allow continuous login for a specified period (as you can with mobile/browser).
If you are using security managed by a webserver (true for both browser-based and mobile-based apps)
then you can do this:
- open your project
- open the web-projects window
- at the top, choose the option "Web Security", which will open a window
- then choose the "Web Security Configuration"
- you will get another window... this one with several TABS at the top
- choose the "Login Options" tab and adjust the "login expiration policy" and the "login expiration time"
- see the example below
The challenge
- The normal method for login control is accomplished through "session variables"
- If the server bounces or the session dies, your login information and any variables you maintain to manage the login process will vanish
- the noted example (earlier in this post) is outside of session variables and works with a cookie on the browser
- which means... it works great for cases (e.g. desktop) or mobile (browser access, not PhoneGap) where cookies are enabled
- but... this method DOES NOT WORK for PHONEGAP apps because phonegap does not enable cookies for its execution of components.
The ultimate solution
- as of today (Oct 30th, 2014) there is not a good solution for Alpha-centric persistent login from a PhoneGap app
- you can't use stored (offline) LISTS or variables to store the login or password because they would still be accessible to a reasonable hacker
- you CAN achieve a similar effect by storing logins/passwords in a standard table and then encrypting and decrypting the password on the server side (only passing an encrypted version back to the Phonegap app)
- however... this question has come up enough that some efforts are currently underway at Alpha to address it with a built-in solution.
- Note: that information comes from another user here on the forum who (along with myself) are directly affected by mobile-centric persistent logins.
- Finally... if your app is consumer-centric (not corporate in nature) then you can engage the built-in Facebook and Google+ (or other social media) options introduced in September 2014.
Whether we have useful code or techniques to share depends on whether you are using A5W pages, UX components accessed from a browser, or UX components in a PhoneGap app.
Comment