Is it usual to deal with sessions in an Android application?

1

My question is this: I have a Rails server and I make queries on that server using an Android application. If I were creating a web system, I would use sessions to manage the permissions of my system. However, since I have the application, I enforce the constraints within it (if the user does not log in, they will not have access to the system).

My fear is that someone could use the routes I've created in Rails to access users' restricted data and to insert data fraudulently. Is there any way around this?

    
asked by anonymous 28.11.2017 / 20:06

1 answer

1

The most common approach is to use stateless servers for communication with applications. This means that you will control access and permissions through tokens. Take a look at OAuth. If you put these permissions in the application, it is almost the same as nothing; it is very easy for the guy to cheat.

    
28.11.2017 / 22:19
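A sketch of the stateless-token idea from the answer above, as an added example that is not part of the original answer: the server issues an HMAC-signed token at login and re-checks it on every request, so the restriction holds even when someone calls the Rails routes directly instead of going through the app. This is not OAuth itself; the secret, the token layout and all function names are assumptions made for illustration.

```ruby
require "openssl"
require "json"

# Assumption: demo value. A real Rails app keeps this in server-side credentials, never in the APK.
SECRET = "constructed-demo-secret"

def sign(payload)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload)
end

# Constant-time comparison so the MAC check does not leak how many characters matched.
def secure_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Called only after the server has checked the user's password.
def issue_token(user_id, ttl: 3600, now: Time.now.to_i)
  # Strict Base64 via Array#pack, so the payload never contains the "." separator.
  payload = [JSON.generate("uid" => user_id, "exp" => now + ttl)].pack("m0")
  "#{payload}.#{sign(payload)}"
end

# Returns the user id, or nil when the token is missing, forged or expired.
def verify_token(token, now: Time.now.to_i)
  payload, mac = token.to_s.split(".", 2)
  return nil if payload.nil? || mac.nil?
  return nil unless secure_eq?(mac, sign(payload))
  data = JSON.parse(payload.unpack1("m0"))
  data["exp"] > now ? data["uid"] : nil
rescue ArgumentError, JSON::ParserError
  nil
end

# The check a controller action would run before touching one user's data.
def authorize(token, requested_user_id, now: Time.now.to_i)
  uid = verify_token(token, now: now)
  return :unauthorized if uid.nil?                   # maps to HTTP 401
  return :forbidden unless uid == requested_user_id  # maps to HTTP 403
  :ok
end
```

The Android app only stores the token and sends it with each request (for instance in an `Authorization` header); every permission decision stays on the server.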