I’m not an iPhone developer but I’m starting on a project that is based on a PHP back-end server supplying data to iPhone useragents and I’m wondering where to start with sessions/security.
With browsers, I can simply pass a cookie (containing a session id) on login.
However, I’m wondering if the iPhone is different. Do iPhone apps have access to storage space for something like a cookie/token? Are there any things that I need to watch out for that make the iPhone app user agents special?
Things using NSURLRequest use NSHTTPCookieStorage by default. Of course, cookies aren’t shared between apps.
You can additionally store things with NSUserDefaults or using the keychain (SecKeychain* functions); the keychain APIs are a bit cumbersome but there are examples out there. I’d prefer using the keychain for anything particularly sensitive; most files are stored unencrypted and most people don’t enable encrypted backups (I’m not sure whether using the keychain with no passcode is secure either, but hey…)
You might also want to worry about how long the token is saved for (typing on an iPhone is a pain and browsers don’t save passwords by default) and how easily it can be revoked.
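The answer above mentions NSHTTPCookieStorage, NSUserDefaults and the keychain in passing; the following is an added example (mine, not the answerer's code) that puts the pieces together for the session-token case. On iOS the keychain is driven through the SecItem* functions (SecItemAdd, SecItemCopyMatching, SecItemDelete). The token is stored with kSecAttrAccessibleWhenUnlockedThisDeviceOnly, so it is only readable while the device is unlocked and is not migrated to another device through a backup; note that this protection only means something once the user has set a passcode, which is the caveat the answer raises. Cookie handling is switched off on the request so the app is not silently using NSHTTPCookieStorage as a second, unmanaged token store, and a 401 from the server is treated as "token revoked": the local copy is deleted and the user has to log in again. The service name, account name and API URL are hypothetical.

```objectivec
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical identifiers for the keychain item (assumption, not from the page).
static NSString *const kTokenService = @"com.example.myapp.api-session";
static NSString *const kTokenAccount = @"session-token";

// Attributes that identify exactly one generic-password item for this app.
static NSMutableDictionary *SessionTokenQuery(void) {
    return [@{ (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: kTokenService,
               (__bridge id)kSecAttrAccount: kTokenAccount } mutableCopy];
}

// Store (or replace) the session token. Returns NO if the keychain refused it.
BOOL SaveSessionToken(NSString *token) {
    // Delete any stale copy first; SecItemAdd fails with errSecDuplicateItem otherwise.
    SecItemDelete((__bridge CFDictionaryRef)SessionTokenQuery());

    NSMutableDictionary *item = SessionTokenQuery();
    item[(__bridge id)kSecValueData] = [token dataUsingEncoding:NSUTF8StringEncoding];
    // Readable only while the device is unlocked, and never migrated to another
    // device via backup. Meaningful protection at rest requires a device passcode.
    item[(__bridge id)kSecAttrAccessible] =
        (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;

    return SecItemAdd((__bridge CFDictionaryRef)item, NULL) == errSecSuccess;
}

// Read the stored token, or nil if there is none (or the device is locked).
NSString *LoadSessionToken(void) {
    NSMutableDictionary *query = SessionTokenQuery();
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;

    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status != errSecSuccess || result == NULL) {
        return nil;
    }
    NSData *data = CFBridgingRelease(result);
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}

// Forget the token locally (logout, or server told us it is no longer valid).
void DeleteSessionToken(void) {
    SecItemDelete((__bridge CFDictionaryRef)SessionTokenQuery());
}

// Build an authenticated request for the PHP back-end. The token travels in a
// header the app controls, not in a cookie managed by NSHTTPCookieStorage.
NSURLRequest *AuthenticatedRequest(NSURL *url, NSString *token) {
    NSMutableURLRequest *req = [NSMutableURLRequest requestWithURL:url];
    [req setHTTPShouldHandleCookies:NO];   // do not let cookies become a second token store
    [req setValue:[@"Bearer " stringByAppendingString:token]
        forHTTPHeaderField:@"Authorization"];
    return req;
}

// Perform the call; a 401 means the server has revoked or expired the token,
// so drop the local copy and let the caller prompt for login again.
void FetchWithSession(NSURL *url, void (^completion)(NSData *body, BOOL needsLogin)) {
    NSString *token = LoadSessionToken();
    if (token == nil) {
        completion(nil, YES);
        return;
    }
    NSURLSessionDataTask *task = [[NSURLSession sharedSession]
        dataTaskWithRequest:AuthenticatedRequest(url, token)
          completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
              NSInteger code = [(NSHTTPURLResponse *)response statusCode];
              if (error == nil && code == 401) {
                  DeleteSessionToken();
                  completion(nil, YES);
              } else {
                  completion(data, NO);
              }
          }];
    [task resume];
}
```

Revocation itself lives on the server: the PHP side keeps the issued tokens (with an expiry) in its own store and deletes the row on logout or when the account is compromised, at which point every subsequent request with that token gets a 401 and the client code above clears it. Storing the token only in the keychain, rather than in NSUserDefaults, keeps it out of the app's unencrypted plist files and out of unencrypted backups.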