IOS Authentication with DB online

I have to build an App that need authentication over a DB (online). When application load, at first appear a login screen to insert user credentials. Thus after a correct login, user can access every areas of this app.

I think to use this steps, what do you think about?

1) Build a PHP (or other lang) Webservice that accept username/password(crypt) and check this data. When user is found, create a token with some strange unique string and adding a expiration time information. Send token back as response with some sort of json structure.

2) The IOS APP call this service passing username/password, if the webservice response is positive, store the received token in NSUserdefault and add time of creation (so i can calculate when it expire.

3) From my APP i can make request toward webservice sending my token. WS checks To开发者_如何转开发ken validity and send back a response.

Is this a good practice ???

---

Yes and no.

I think your approach will work as you wrote it. But keep in mind, that your users needs an internet connection to use your app. So I would design the structure in a way it has also a use for the user, if he has no internet connection.

I also don't know how good your expirience is with Webservices and the communication with them. If you send the data, you should also encrypt the sent data, because they are the credentials of the user. So it's not save to send them as GET Values for examples in a PHP script...

I hope my answer did help a little bit. If you have specific questions on this type of webservice, just ask. I did this a few times before. ;-)

Sandro Meier