I have a PHP server with username and password to log-in to the private section. Right now it works fine, because once I have inserted username and password, the server stores my $_SESSION and I can surf from the browser correctly. I want to replicate something like that with a Java Application (Android). I'm thinking about what is the best way to authorize that client for the server; in the Shared Preferences I save the username and password so those values can be easily accessed to all the application so for a POST send. Do you think is better to send the server the SESSION_ID when I need or send the username and password every time I need to access the private section ? I'm going to implement the HTTPS protocol, so the data "should be safe". But in all case, is better to deal with session ID or username and password ? Thank you in advance for your reply.