



2。我应该散列密码发送到服务器之前?我有一个表在我与一个用户和密码栏数据库。当我要检查登录,我应​​该送散列到服务器的密码,如的login.php U =雪橇和​​放大器;如p = 34819d7beeabb9260a5c854bc85b3e44 ,或只是简单的文本的login.php U =雪橇和​​放大器; P =输入mypassword 以及散在服务器上之前,我进行身份验证





您可以使用 CookieManager 设置你的Cookie。


另一种方法(我使用这种替代在我的应用程序之一)就是抓住你的Cookie您发送您的用户名和密码后,到服务器(例如,通过 HttpPost HTTPGET )。在你的问题您使用的登录验证的 $ _ GET 的风格,所以我的例子code将使用 HTTPGET

样品$ C $用c HTTPGET

 的HttpParams的HttpParams =新BasicHttpParams();


DefaultHttpClient postClient =新DefaultHttpClient(的HttpParams);
//您的网址使用$ _GET风格。
HTT presponse响应;

尝试 {
    // Htt的presponse。
    响应= postClient.execute(HTTPGET);

    如果(response.getStatusLine()的getStatus code()== 200){
        HttpEntity实体= response.getEntity();

        如果(实体!= NULL){
            CookieStore的饼干= postClient.getCookieStore();


现在,当你有你的的CookieStore ;抢Cookie的列表,从中后,您可以使用 饼干 ,以确定名称,域值等...

android org.apache.http不存在,Android程序报错程序包org.apache.http不存在问题的解决方法...

您尝试访问您的网站的锁定的内容下一次;设置cookie到您的的HttpURLConnection 饼干信息:

 网​​址URL =新的URL(;



最终诠释响应code = httpURLConnection.getResponse code();







存储在共享preferences 什么的信息。就像我刚才说的,你可以散列它,如果你登录系统设计正确 - 这取决于你如何散列在你的PHP文件。

Hey guys, I have a few questions about implementing a login feature in Android.

1. Does android have anything like sessions or cookies? How should I 'remember' that the user is loged in? Obviously I don't want to ask for the password every time my application is used!

2. Should I hash the password before sending it to the server? I have a table in my database with a user and password column. When I want to check the login, should I send the password hashed to the server like login.php?u=sled&p=34819d7beeabb9260a5c854bc85b3e44, or just plain text like login.php?u=sled&p=mypassword and hash it on the server before I perform the authentication?


Does android have anything like sessions or cookies?

Yes. There are two alternatives.

Option #1:

You can use CookieManager to set your cookie.

Option #2:

The other alternative (I'm using this alternative in one of my applications) is to grab your cookie after you've sent your username and password to the server (e.g. via HttpPost or HttpGet). In your question you're using $_GET style of your login authentication, so my sample code will be using HttpGet.

Sample code using HttpGet:

HttpParams httpParams = new BasicHttpParams();   

// It's always good to set how long they should try to connect. In this
// this example, five seconds.
HttpConnectionParams.setConnectionTimeout(httpParams, 5000);
HttpConnectionParams.setSoTimeout(httpParams, 5000);

DefaultHttpClient postClient = new DefaultHttpClient(httpParams);           
// Your url using $_GET style.
final String url = "";
HttpGet httpGet = new HttpGet(url);
HttpResponse response;

try {   
    // Execute your HttpGet against the server and catch the response to our
    // HttpResponse.
    response = postClient.execute(httpGet);

    // Check if everything went well.
    if(response.getStatusLine().getStatusCode() == 200) {   
        // If so, grab the entity.          
        HttpEntity entity = response.getEntity();

        // If entity isn't null, grab the CookieStore from the response.
        if (entity != null) {
            CookieStore cookies = postClient.getCookieStore();  
            // Do some more stuff, this should probably be a method where you're
            // returning the CookieStore.    

} catch (Exception e) {

Now when you have your CookieStore; grab a list of cookies from it and after that you can use Cookie to determine the name, domain, value etc...

Next time you're trying to access "locked" content of your website; set a cookie to your HttpURLConnection from your Cookie information:

URL url = new URL("");

HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();

// "Host" and "Cookie" are fields in the HTTP response. Use WireShark
// via your computer to determine correct header names.
httpURLConnection.setRequestProperty("Host", domainOfYourCookie);
httpURLConnection.setRequestProperty("Cookie", valueOfYourCookie);

final int responseCode = httpURLConnection.getResponseCode();

// And get the content...

Should I hash the password before sending it to the server?

Depends on how your system is designed. You must have correct information when sending it to your server. This also depends on how you're hashing your information in your .php file.

How should I 'remember' that the user is loged in?

Store the information in a SharedPreferences or something. Like I said earlier, you can hash it if your login system is correctly designed - this depends on how you're hashing it in your .php file.


