I have a database which has some data tables and a user table. This database is queried only through a php page, which executes classical CRUD operations. Then, I have an Android app which calls the php page (through Volley) to read/write data, and shows data back to the user.
I'd like to implement a login layer, i.e. the app user does a login, and then can operate on data.
So: user inputs user&pass, pass is hashed, php page is called with action=login user and hashpass, php page queries the db to check credentials, the record is found, the php page sends a "success" back to the app. But then, how to keep authentication in the next CRUD operations? What are the best practices to handle this in a safe and robust way?
Thanks a lot
Use SharedPreferences class to store authorization token. So when you successfully log in send token as request and save it there. On log out clear SharedPreferences. Good luck