I am trying to develop a dummy app with Xamarin.Forms and i mainly focus on UWP.
I have a login feature for this app and i need to manage sessions. I am consuming a basic web service method for login, it gets user name and password as parameters and returns an access token. I am using this access token for the CRUD operations of this app. This is how i store this access token.
Application.Current.Properties ["access_token"] = token.access_token;
Since i am a newbie for Xamarin i am struggling to understand Session Managament. How am i going to manage a session ? When to expire a session and how ? What might be the security issues ? How can i properly log out a user ?
Any help would be appreciated.
You can use Settings Plugin for Xamarin And Windows.
This plugin saves specific properties directly to each platforms native settings APIs (NSUserDefaults, SharedPreferences, etc). This ensures the fastest, most secure, and reliable creation and editing settings per application. Additionally, it works with any Xamarin application, not just Xamarin.Forms.
Use it from Nuget at - Settings Plugin for Xamarin and Windows 3.0.1
Find the documentation here.
private static ISettings AppSettings =>
CrossSettings.Current;
public static string AccessToken
{
get => AppSettings.GetValueOrDefault(nameof(AccessToken), string.Empty);
set => AppSettings.AddOrUpdateValue(nameof(AccessToken), value);
}
Sessions are managed at servers and not clients. You will get a expiration time and maybe a refresh token URL from the server. You can expire the token and delete it when the expiration time is elapsed.