User Login and Session Token

Tue Apr 23, 2013 5:24 pm

Can you give me some information on how the user login process works? I want to create a mechanism or JS function that can validate that a user is logged on. Right now my login_service is returning the session token to a localStorage variable. On page load I can check that variable (!mySessionToken) then {} but how can I validate is that session token is valid? Does it expire? I want users to be logged in as many of the things they do revolve around their users account. I don't want them to have to relogin repeatedly but want to have a way to validate the person is an active logged in user.

For example, if a user logs into my app and it is successful, it will bring them to the homeScreen. If it fails it will give them an error message. if they are inactive in the app for xDays when they open the app again how can I validate that they are a true user and their token is active?

Tue Apr 23, 2013 7:05 pm

Hi Kameron,

We do not have special API for check if user is logged in. But you can check session token validation by creating request to database. Call Rest Service to get user list. If session token is invalid then Rest Service will be finished with error.

Tue Apr 23, 2013 10:21 pm

Do I do this on behalf of the user during page load?

Tue Apr 23, 2013 10:23 pm

Sure. You can do it any where in the app, on any event.

Tue Apr 23, 2013 11:35 pm

How do I submit a service request and include the session token?

Tue Apr 23, 2013 11:36 pm

It's included as a header, similar to database id.

Wed Apr 24, 2013 3:02 am

I am confused. I know how to invoke the list service but how can I ensure that the user will be reprompted for login when their token expires? is this automatic. Is there is easy way to protect each screen to only allow registered users to see it? My thought was that on screen load I could create a JS function that would verify that the session token was valid and if not redirect them to the login page.

Wed Apr 24, 2013 4:00 am

It's not automatic..it's something you need to implement.

Thu Apr 25, 2013 6:18 pm

Is there any way from my 'load' event to perform a check to see if the user has logged in? For instance. if upon successful login I set a local varialbel of loggedInUser to 'username' can I then check to ensure that value is not empty? Does the local variable get cleared at anytime? Does that experience differ for web app vs native apps?

Thu Apr 25, 2013 7:04 pm

Hi Kameron,

localStorage is not cleaned after you close site or quit the app. This is a permanent data storage. If you save sessionToken in any localStorage variable, then the variable will still keep its value when site/app opening.