I’ve only been working on an iOS app now for a couple weeks so bear with me. I want my app’s first screen to be a login with email address and password. I got the view set up; however, I’m just not sure what’s the best way to store the authentication.
The authentication itself will be handled server side. When the user enters their email and password, it will connect to my server and return JSON indicating whether it failed or not. If it is successful I will return whatever I need.
The question is, what information should I store and where do I store it? Should I store their user id and their password as an MD5 string? Then every time I make a call to the server I can pass their user id and MD5 string to verify if they have access. Does that make sense to do?
Yes, you should store the credentials on the device. That way, when the session expires on the server, the user can be immediately re-authenticated. (Keep in mind, this is less secure than forcing the user to log in each time, because if the user loses his phone, anyone who finds it could have access to his account.)
Just store the email address and password in an SQLite table, a plist, a text file, or whatever you want. It’s probably best to encrypt the password, even though no other applications will be able to access the file you store it in.
Edit:
Btw, you don’t necessarily have to pass the credentials to the server with every request. I don’t know what you are using on the server side, but you can set it up to use sessions, so the user will stay logged in for a while before having to re-authenticate. Here is some code I have used to send credentials:
That NSURLConnection object will manage the cookie and keep the user logged in, so you can use it to keep sending requests to the server until the session expires.
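
An added example, not part of the original answer or the poster's code: one way to get the encrypted storage the answer recommends is the iOS Keychain (Security framework), shown here in Objective-C under ARC. The service name `com.example.myapp.login` and the helper function names are hypothetical.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical service name identifying this app's login item.
static NSString *const kLoginService = @"com.example.myapp.login";

// Base query that identifies the stored item for one account (the email).
static NSMutableDictionary *LoginQuery(NSString *email) {
    return [@{
        (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: kLoginService,
        (__bridge id)kSecAttrAccount: email,
    } mutableCopy];
}

// Save or overwrite the password for this email. Returns YES on success.
BOOL SaveLoginSecret(NSString *email, NSString *secret) {
    NSData *data = [secret dataUsingEncoding:NSUTF8StringEncoding];
    NSMutableDictionary *query = LoginQuery(email);
    // Update an existing item first; add a new one only if none exists.
    OSStatus status = SecItemUpdate((__bridge CFDictionaryRef)query,
        (__bridge CFDictionaryRef)@{ (__bridge id)kSecValueData: data });
    if (status == errSecItemNotFound) {
        query[(__bridge id)kSecValueData] = data;
        // Readable only while the device is unlocked, and not restored
        // onto a different device from a backup.
        query[(__bridge id)kSecAttrAccessible] =
            (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;
        status = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
    }
    return status == errSecSuccess;
}

// Load the stored password, or nil if nothing is stored for this email.
NSString *LoadLoginSecret(NSString *email) {
    NSMutableDictionary *query = LoginQuery(email);
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    if (SecItemCopyMatching((__bridge CFDictionaryRef)query, &result) != errSecSuccess) return nil;
    NSData *data = (__bridge_transfer NSData *)result;
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}

// Remove the item on logout; a missing item also counts as success.
BOOL DeleteLoginSecret(NSString *email) {
    OSStatus status = SecItemDelete((__bridge CFDictionaryRef)LoginQuery(email));
    return status == errSecSuccess || status == errSecItemNotFound;
}
```

Call `LoadLoginSecret` when the server session expires to re-authenticate silently, and `DeleteLoginSecret` when the user logs out.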