i'm trying implement automatic logout code application on android.
i need detect if activities belonging application have entered background opposed working onpause() , onresume() each individual activity. ios has helpful applicationdidenterbackground: method utilize, i'm unable find similar function in android's application class.
one approach seems to have atomicinteger counter , increment once activity becomes visible , decrement when it's finished or onstop() gets called. if counter becomes zero, can start service runs in background , handles logout. how it's done?
you don't want log out user when "application" goes in background, more log out user of web app when user switches tab or minimizes browser window moment. if either of things in web app, users consider web app epic fail. similarly, if user gets phone call wrong number, or alarm clock goes off, they'll rather irritated if have go in , sign in when using app 5 seconds ago. here, "irritated", mean one-star ratings on market , nasty comments.
a web app automatic log out based upon inactivity, using server session cookie.
similarly, when build secured android app, i'll implementing inactivity-based mechanism, perhaps this:
step #1: create session class static singleton instance. session object holds last-accessed timestamp.
step #2: in each activity's onresume(), see if session singleton exists. if not, it's brand-new process, if isn't authentication activity, startactivity() bring authentication activity.
step #3: in each activity's onresume(), if session object exists, call extend(). return boolean, true indicating session still (and timestamp has been updated now), false otherwise. if returns false, same stuff if session object null.
step #4: authentication activity, upon success, sets singleton session object current timestamp.
step #5: session class' extend() method make determination if session old.
no matter how user gets application, if session old (or it's brand-new process), forced authenticate. yet, if user briefly interrupted -- and/or user can define "briefly" -- don't have re-authenticate.
Comments
Post a Comment