Mobile authentication

Mobile authentication

  

Hi,

In a mobile app how can the authentication mechanism be changed from Persistent login to session login?

The porpuse is to request the username/password (or pin) everytime the application is closed or have been idle without user interaction. There is any example with this flow available?

Thanks,

JP

Joao Pinto wrote:

Hi,

In a mobile app how can the authentication mechanism be changed from Persistent login to session login?

The porpuse is to request the username/password (or pin) everytime the application is closed or have been idle without user interaction. There is any example with this flow available?

Thanks,

JP

Hi João.

Remember that in P10 mobile you don't have session variables.

A possible workaround to simulate a similar mechanism can be the creation of an entity in the local storage to work as one (encrypted, of course).

Cheers,

GM


Hi Gonçalo,

I'm not talking about session variables (that don't exist in mobile), I'm talking about the persistent and session login.

If you check this video http://www.outsystems.com/learn/lesson/827/mobile-security/ at minute 1:00 is mentioned two login systems: "Persistent login & Session login".

The question is how to activate the second since it seems that the first is the default?

Thanks,

JP

Hi João,

If you pay attention to the video, you will see that its told the Session Login is for Web Applications.
The idea of a "session" is weird for mobile in P10, as it can work offline.

But you can, for example, store information on "login" in the server size (server database) and than verify it every request, to check if a certain ammount of time passed and than raise an error or something else.

Hope it helps.

Cheers,
Eduardo Jauch

Eduardo Jauch wrote:

Hi João,

If you pay attention to the video, you will see that its told the Session Login is for Web Applications.
The idea of a "session" is weird for mobile in P10, as it can work offline.

But you can, for example, store information on "login" in the server size (server database) and than verify it every request, to check if a certain ammount of time passed and than raise an error or something else.

Hope it helps.

Cheers,
Eduardo Jauch


Hi Eduardo,

It's strange because if you check at servicecenter at Administration -> Security -> Mobile Applications Authentication you will see that is available the option to configure the Max idle timeout on the session login settings. The screen is supposed to be related only with mobile applications.

Thanks,

JP 

Hello João,

You are absolutely right. I never noticed that option.
But I think it is only the contrary of "persistent login".

Try to disable persistent login, so that when you application is closed, the user is "logged out".

Cheers,
Eduardo Jauch

EDIT. Yes, it works. With "PersistentLogin" set to false, the user is logged out" if you close the application.

Hello João, How are you?


Did you solved your problem with the Login?

Cheers,
Eduardo Jauch