ibm-mobilefirstworklight-studio

How to maintain a session in an IBM Worklight server-side login module


In my IBM Worklight demo app I've implemented a Login Module. It works fine, but in what way should I maintain the session? I want to log out my user if a log-out action is performed, but not when the app goes into the background. Currently, when my app is closed by the Android device back button, or whenever the app goes into the background, the session expires and the user has to log in again. Can I achieve this by maintaining some server-side session?


Solution

  • When you close your application, the OS destroys the WebView component, thus destroying your HTTP context, specifically the jSessionId cookie. As a result, the next time you open it you will have a new session and will need to reauthenticate.

    If you really want to implement "remember me" functionality, there are several solutions. One might be the following:

    1. Keep in mind that "remember me" greatly reduces the security level.
    2. See #1.
    3. Create some sort of server-side token and store it on the client side (e.g. in localStorage, encryptedCache or JSONStore).
    4. Make sure that this token is associated with your user identity on the server side.
    5. Send this token to the server on application startup (e.g. as a global header, as an adapter procedure invocation param, etc.).
    6. Detect this token in your login module and establish an authenticated session.
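
The server-side half of steps 3 to 6, as an added example that is not part of the original answer and does not use any Worklight API: a token store that keeps only a hash of each token, binds it to a user, expires it, rotates it on every use and revokes it on log-out. The function names, the in-memory `Map` and the 14-day lifetime are assumptions made for illustration.

```javascript
// Added example: "remember me" token store (all names are hypothetical).
const crypto = require("crypto");

const TOKEN_TTL_MS = 14 * 24 * 60 * 60 * 1000; // assumed 14-day lifetime
const store = new Map(); // sha256(token) as hex -> { userId, expiresAt }

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");

// Steps 3-4: create a random token and associate it with the user identity.
// Only the hash is kept server-side, so a leaked store does not leak tokens.
function issueToken(userId, now = Date.now()) {
  const token = crypto.randomBytes(32).toString("hex");
  store.set(sha256(token), { userId, expiresAt: now + TOKEN_TTL_MS });
  return token; // the raw value goes to the client and nowhere else
}

// Step 6: the check a login module would run on the token sent at startup.
// Returns { userId, token } with a freshly rotated token, or null.
function redeemToken(token, now = Date.now()) {
  if (typeof token !== "string" || !/^[0-9a-f]{64}$/.test(token)) return null;
  const key = sha256(token);
  const entry = store.get(key);
  if (!entry) return null;
  store.delete(key); // single use: a replayed or stolen-then-reused token fails
  if (now >= entry.expiresAt) return null;
  return { userId: entry.userId, token: issueToken(entry.userId, now) };
}

// Explicit log-out: drop every outstanding token for the user.
function revokeUser(userId) {
  for (const [key, entry] of store) {
    if (entry.userId === userId) store.delete(key);
  }
}
```

On the client, the rotated token returned by `redeemToken` replaces the stored one after each successful startup login, and the log-out action both calls the server-side revocation and clears the local copy.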