« previous next »
Pages: [1]

Author Topic: Session Token Expiry In Api  (Read 4900 times)

Offline ravdeep

  • Newbie
  • *
  • Posts: 2
  • Karma: +1/-0
    • View Profile
Session Token Expiry In Api
« on: December 26, 2015, 01:32:55 AM »
Hello
I am creating an A native Android app using AbanteCart storefront Api V1.2.5
I Have successfully consumed all the features of Api
I am facing an Error and Need Your Help
When a User Logs in he is assigned a token
So he is able to access his account using api
But after few hours If the user tries to use same token
The app throws Authentication failed Error ,I think the token Expires
Please Note In app the user need not Logout Frequently
So the token Provided should not expire .
Please Help me
I have worked very hard for this app but my project can fail due to this error .
Please Help me

Merry Christmas and Happy New Year 2016
Regards
Ravdeep Singh
Logged

Offline abantecart

  • Administrator
  • Hero Member
  • *****
  • Posts: 4359
  • Karma: +298/-10
    • View Profile
    • Ideal Open Source Ecommerce Solution
Re: Session Token Expiry In Api
« Reply #1 on: December 29, 2015, 10:27:18 PM »
Great works you are doing, and we are exited to see your app.

About token:
Token expiration is controlled by server session.
Unfortunately, you will not be able to control session expiration as it is based on a specific server configuration and AbanteCart setting.
Even if you set very large expiration time in AbanteCart setting, server session expiration time might be shorter.
Additionally, having unexpired login tokens is not good security approach. This is a standard practice.

To make user experience, better, you can validate the response and redirect user to login if token has expired (unauthorized).

Let me know if you have other suggestions or ideas.

PS. I am not sure about Android, but in iPhone there is a way to store u/p in OS and use finger based login to resubmit authentication and get new token.  Possibly there is something on Android side that can help you to make authentication better.
Logged
Please  rate your experience or leave your review
We need your help to build better free open source ecommerce platform for everyone. See how you can help

Offline eCommerce Core

  • Administrator
  • Hero Member
  • *****
  • Posts: 1602
  • Karma: +93/-1
    • View Profile
Re: Session Token Expiry In Api
« Reply #2 on: January 03, 2016, 02:06:37 PM »
I wonder if you fond solution?
Logged
“If you’re in the luckiest one per cent of humanity, you owe it to the rest of humanity to think about the other 99 per cent.”
― Warren Buffett

Offline vish665

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: Session Token Expiry In Api
« Reply #3 on: June 27, 2016, 03:42:09 AM »
hi i am also working on android app and i am also newbie so can u help out where  is the code for "token" generation or the page where the function is written for token generation??

Customer API:
Access token ID. This token is provided by the system after successful initial authentication
Logged

Offline jaysbar

  • Full Member
  • ***
  • Posts: 139
  • Karma: +13/-5
    • View Profile
Re: Session Token Expiry In Api
« Reply #4 on: September 08, 2016, 12:16:28 PM »
Hey Vish

Did you manage to get this Android App up and running??

Thanks

Jay
Logged
Pages: [1]
« previous next »
 

Powered by SMFPacks Social Login Mod