I am getting the user id using req. Session. But want to store it in a local storage.
So how to store it?
Related
In my iOS app, i have done AWS Cognito user authentication. Authenticated users are able to upload images to protected folder ie under protected / {cognito user_identitiy_id}. Authenticated users can access objects only saved under their user_identity_id folder. How one user can access objects from others. S3 document says:-
Public: Accessible by all users of your app. Files are stored under the public/ path in your S3 bucket.
Protected: Readable by all users, but writable only by the creating user. Files are stored under protected/{user_identity_id}/ where the user_identity_id corresponds to the unique Amazon Cognito Identity ID for that user.
Private: Only accessible for the individual user. Files are stored under private/{user_identity_id}/ where the user_identity_id corresponds to the unique Amazon Cognito Identity ID for that user.
If you're using Amplify, then using Protected. The owner has write permissions while others can only read files.
Pls help make sure:
Your S3 bucket policy is something like this for "Protected" folder to restrict user access: https://docs.amazonaws.cn/en_us/IAM/latest/UserGuide/reference_policies_examples_s3_cognito-bucket.html
on iOS, assume you're using Amplify, pls follow this: https://aws-amplify.github.io/docs/ios/storage. Keep in mind, you have to authenticate and exchange to Credential first before using Storage API.
Another user that wants to read the file can specify the user that created it:
let options = StorageDownloadDataRequest.Options(accessLevel:.protected, targetIdentityId: "OtherUserId")
I'm creating simple user login at the beginning of my app. After user submits correct username and password, my script from server should return some parameters which I should store in some sort of local database, and check for these parameters every time when new view appear/loads.
My questions are:
1) which type of local "database" should I use, which one is secure so no one else from "outside" can access it, because if someone could than he could set my logins by himself (keychains, user defaults etc.)?
2) which parameters should I return from server, which one of them are essentially from security when checking if user is logged in - I'm thinking of username and the token - if user is successfully logged in, than server script should create some type of token which will be stored in online database. Every time user makes some request from app to the server than token is checked, if it exists in app and if it exists in server database and if they are equal.
3) How should I check if user is logged in when new view is loading in the app - should I just check if variables exists (for example in Keychains) or should I connect to the server and check every time server database?
for storing sensitive user data(password, api token, email) you should always use Keychain for this purpose.In other hand there is Realm also offer secure way to store your data.Its easy to use, you just need wrap data objects with realm base(Object) class and mark properties with dynamic attribute.For basic login system i think user name, email and api token good enough.But depends on api needs you can include here phone number, birthday etc.For checking user authorization I think validating api token good enough in most case.
There is also most secure techniques to improve data safety like keep database property names in keychain.Hashing sensitive data parts in api calls.Last thing you need use https for api communication.
Without user login hoe to to get current session id.
I want the current session id without user login to store on db
Any help is appreciated
I am developing an analytics system that I have a global user id and a session id. I am storing the global user id in a cookie created on my rails server, and the session id I store in a cookie that I create in a browser.
The global user id is set to expire in 2 years, and every time a new request from that user arrives I restart the counter. The same happens with the session id, except that the time is 25 minutes.
What is happening is that in some mobile phones the cookie that I set in my rails server is not persisted. So every time the user navigates to other pages he has the same session id but the user id changes.
What could it be?
I am using devise in my rails app. There is an ipad app that connects to the this rails app and authentication is done using token. (devise token_authenticatable).
For sessions, I using the default cookie store. My session_stor.rb looks like this,
Ap::Application.config.session_store :cookie_store
Now say I need to store minor data for the ipad user in session, where is it stored? Say in my controller I am doing,
session['last_search'] = search_key_word
Where is this data stored? I am asking this because on cookie based session store, usually session data is stored in browser. I couldn't find any resource that explains what happens in case of a non browser client that uses token for authenticatication.
I suggest saving the history locally in the iPad's app itself. You can create a table "search_history" that stores the recent 10 keywords. Or you may cache it if you want (also on the client side).