AbanteCart Community

Shopping Cart Operations => Support => Topic started by: ravdeep on December 26, 2015, 01:32:55 AM

Title: Session Token Expiry In Api
Post by: ravdeep on December 26, 2015, 01:32:55 AM

Hello
I am creating an A native Android app using AbanteCart storefront Api V1.2.5
I Have successfully consumed all the features of Api
I am facing an Error and Need Your Help
When a User Logs in he is assigned a token
So he is able to access his account using api
But after few hours If the user tries to use same token
The app throws Authentication failed Error ,I think the token Expires
Please Note In app the user need not Logout Frequently
So the token Provided should not expire .
Please Help me
I have worked very hard for this app but my project can fail due to this error .
Please Help me

Merry Christmas and Happy New Year 2016
Regards
Ravdeep Singh

Title: Re: Session Token Expiry In Api
Post by: abantecart on December 29, 2015, 10:27:18 PM

Great works you are doing, and we are exited to see your app.

About token:
Token expiration is controlled by server session.
Unfortunately, you will not be able to control session expiration as it is based on a specific server configuration and AbanteCart setting.
Even if you set very large expiration time in AbanteCart setting, server session expiration time might be shorter.
Additionally, having unexpired login tokens is not good security approach. This is a standard practice.

To make user experience, better, you can validate the response and redirect user to login if token has expired (unauthorized).

Let me know if you have other suggestions or ideas.

PS. I am not sure about Android, but in iPhone there is a way to store u/p in OS and use finger based login to resubmit authentication and get new token.  Possibly there is something on Android side that can help you to make authentication better.

Title: Re: Session Token Expiry In Api
Post by: eCommerce Core on January 03, 2016, 02:06:37 PM

I wonder if you fond solution?

Title: Re: Session Token Expiry In Api
Post by: vish665 on June 27, 2016, 03:42:09 AM

hi i am also working on android app and i am also newbie so can u help out where  is the code for "token" generation or the page where the function is written for token generation??

Customer API:
Access token ID. This token is provided by the system after successful initial authentication

Title: Re: Session Token Expiry In Api
Post by: jaysbar on September 08, 2016, 12:16:28 PM

Hey Vish

Did you manage to get this Android App up and running??

Thanks

Jay