Hello every one , i have a question about how to keep the app logged in after the first login
thanks a lot
What are you using for login? You’re probably going to have to look into using a refresh-token (or something similar for your chosen login method) to stop user’s from being signed out.
Example, my login solution uses JWT, which gives me several tokens…one of which is a refreshToken. Once their accessToken expires (mine is set to 1 hour), I use the refreshToken to get a renewed accessToken to keep them logged in.
1 Like
To expand on what @fanofskynyrd said, you can store said JWT in SecureStore (though you’ll have to fallback to AsyncStorage if you’re supporting Android 5). If your server-side app uses cookies to store the session ID/ token and sets it via a set-cookie header when you log in (this is common for web apps), then you don’t even need that- the cookie will be stored by the networking stack for future logins.
What you definitely want to avoid is storing anyone’s username or password- virtually everything supports some kind of token or session-cookie-based authentication, so there’s really no need to do this anymore.
If all this sounds like a lot to process- well, it kind of is. There’s a lot to security! If there’s not already something in place on the server-side of your app, you may consider something like Auth0, with provides authentication-as-a-service, and supports this stuff without having to get too much into the weeds.
1 Like