[android-developers] Re: Best way to logout each time the application/task goes to background
Don't have a server and this is what my users asked for. They don't want prying eyes for their financial data. The password is optional and a yet to receive a bad comment about this feature. On Jul 19, 2:34 am, Streets Of Boston flyingdutc...@gmail.com wrote: Requiring users to re-type their passwords every time they leave the app (even if not by their doing, e.g. when receiving a phone-call or reacting to a notification), may reaallly start to annoy your users. And if your app needs a high level of security, i can imagine that the users' passwords are pretty strong. But i don't know the nature of your app and it could be that your users are willing to put up with it. About the timeout of my first reply: I was talking about a session timeout on the server, not on your app. You send an authentication token, e.g. a (secure) cookie, with every request to your server. The server then determines if the request's session has timed-out or not. If so, the user needs to login again. On Jul 17, 5:57 am, Kim Damevin kdame...@gmail.com wrote: @Frank weis: my application requires a high level of security, so if the user leaves it I don't want that someone else who would use the android mobile can open it without having to log in. Thanks for all your replies it helps a lot ! I think i will go for the timeout method. It's a good point that if the user clicks on home by mistake and wants to come back to the application in a short time period he doesn't need to log in again. Anthoni and Zsolt Vasvari can you describe a bit more your solutions please ? Thanks, Kim On Sat, Jul 17, 2010 at 10:42 AM, Anthoni anthoni.gard...@gmail.com wrote: Hello, I also do this, BUT I do not put it into every single activity. What I do is create a Handler at application level and a time check object. The handler fires every say 10 seconds and checks the time object. If it matches what I need I broadcast an event across my entire application. Each activity then registers whether or not they need to be notified of this broadcast, so they can take what ever action they require. Hope this helps. Regards Anthoni On Jul 17, 3:43 am, Zsolt Vasvari zvasv...@gmail.com wrote: 1) This is not the best option, at least not without option 2, as the user can still leave without having the opportunity to log out, for example to answer a call. 2) I do this, it's a bit of a pain as I need to check the timeout in every activity, and I have at least a couple of dozens. So it's a bit of a maintanence issue. I set my timeout to, I think, 10 seconds. Long enough, so if the user accidentally presses the home button, they can get back in quickly. On Jul 17, 3:40 am, Streets Of Boston flyingdutc...@gmail.com wrote: You have no control over the application and/or activity life cycle. This will make is very hard to determine when the user 'exits' the app. I would do this: 1. Consider an explicit 'log-out' option for your users. 2. Add a time-out to your login-sessions. Refresh the session (time- out) when the user interacts with your app/server. But when the user hasn't interacted with your app/server for a given amount of time, the user's session will have had a time-out and this then would require the user to login again. On Jul 16, 4:09 am, Kim D. kdame...@gmail.com wrote: Hello, I have an application which requires a login at the beginning (this is the first activity). When the user logs in, I keep his credentials in the application (I extended android.application to add a field called 'key'). I would like to clear this field from memory (from application instance) an go back to the login activity. I see the following possibilities: - Add a broadcast receiver to catch all possible event (call, click on menu, click on back, lock the phone ...) which clear the key field and launch the login activity - Use clearTaskOnLaunch for all activities except the login activity. But then until my application takes the focus again the key stays in the application object. (It seems it doesn't work with the go back button, maybe I need to use no history also) - Detect for each activity in all onPause or onStop events when application will leave the foreground to clear the key field and launch the login activity The best would be to have a kind of OnPause method at application level but I think it doesn't exist I would appreciate any help on this problem. ps: I already posted it once but never saw it on the discussions list. Cheers, Kim- Hide quoted text - - Show quoted text - -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this
[android-developers] Re: Best way to logout each time the application/task goes to background
Sure... I have a helper method that I call from all activities' onPause() method. It saves the current time in the application's presistent preferences: public static void setAppLastHiddenTime(Context context) { Preferences.setLong(context, R.string.password_app_last_hidden_time_preference_key, System.currentTimeMillis()); } Preferences.setLong() is my own helper method, but it just writes to SharedPreferences. Then from the activities' onResume() method, I call another helper method that checks if I need to ask for the password: public static boolean isNeedToAskForPassword(Context context) { boolean shouldAskForPassword = false; boolean passwordVerified = Preferences.getBoolean(context, R.string.password_verified_preference_key, R.string.password_verified_preference_default_value); if (passwordVerified) { long appLastHiddenTime = Preferences.getLong(context, R.string.password_app_last_hidden_time_preference_key, R.string.password_app_last_hidden_time_preference_default_value); long currentTime = System.currentTimeMillis(); // Check if we timed out shouldAskForPassword = (currentTime (appLastHiddenTime + MAX_HIDDEN_TIME)); if (shouldAskForPassword) Preferences.remove(context, R.string.password_verified_preference_key); } else shouldAskForPassword = true; return shouldAskForPassword; } MAX_HIDDEN_TIME is the time-out, 5000ms seconds in my case. If isNeedToAskForPassword() returns true, I display my password dialog and if the user enters the right password, I call my 3rd helper method: public static void markPasswordVerified(Context context) { Preferences.setBoolean(context, R.string.password_verified_preference_key, true); } On Jul 17, 5:57 pm, Kim Damevin kdame...@gmail.com wrote: @Frank weis: my application requires a high level of security, so if the user leaves it I don't want that someone else who would use the android mobile can open it without having to log in. Thanks for all your replies it helps a lot ! I think i will go for the timeout method. It's a good point that if the user clicks on home by mistake and wants to come back to the application in a short time period he doesn't need to log in again. Anthoni and Zsolt Vasvari can you describe a bit more your solutions please ? Thanks, Kim On Sat, Jul 17, 2010 at 10:42 AM, Anthoni anthoni.gard...@gmail.com wrote: Hello, I also do this, BUT I do not put it into every single activity. What I do is create a Handler at application level and a time check object. The handler fires every say 10 seconds and checks the time object. If it matches what I need I broadcast an event across my entire application. Each activity then registers whether or not they need to be notified of this broadcast, so they can take what ever action they require. Hope this helps. Regards Anthoni On Jul 17, 3:43 am, Zsolt Vasvari zvasv...@gmail.com wrote: 1) This is not the best option, at least not without option 2, as the user can still leave without having the opportunity to log out, for example to answer a call. 2) I do this, it's a bit of a pain as I need to check the timeout in every activity, and I have at least a couple of dozens. So it's a bit of a maintanence issue. I set my timeout to, I think, 10 seconds. Long enough, so if the user accidentally presses the home button, they can get back in quickly. On Jul 17, 3:40 am, Streets Of Boston flyingdutc...@gmail.com wrote: You have no control over the application and/or activity life cycle. This will make is very hard to determine when the user 'exits' the app. I would do this: 1. Consider an explicit 'log-out' option for your users. 2. Add a time-out to your login-sessions. Refresh the session (time- out) when the user interacts with your app/server. But when the user hasn't interacted with your app/server for a given amount of time, the user's session will have had a time-out and this then would require the user to login again. On Jul 16, 4:09 am, Kim D. kdame...@gmail.com wrote: Hello, I have an application which requires a login at the beginning (this is the first activity). When the user logs in, I keep his credentials in the application (I extended android.application to add a field called 'key'). I would like to clear this field from memory (from application instance) an go back to the login activity. I see the following possibilities: - Add a broadcast receiver to catch all possible event (call, click on menu, click on back, lock the phone ...) which clear the key field and launch the login activity - Use clearTaskOnLaunch for all activities except the login activity.
[android-developers] Re: Best way to logout each time the application/task goes to background
Requiring users to re-type their passwords every time they leave the app (even if not by their doing, e.g. when receiving a phone-call or reacting to a notification), may reaallly start to annoy your users. And if your app needs a high level of security, i can imagine that the users' passwords are pretty strong. But i don't know the nature of your app and it could be that your users are willing to put up with it. About the timeout of my first reply: I was talking about a session timeout on the server, not on your app. You send an authentication token, e.g. a (secure) cookie, with every request to your server. The server then determines if the request's session has timed-out or not. If so, the user needs to login again. On Jul 17, 5:57 am, Kim Damevin kdame...@gmail.com wrote: @Frank weis: my application requires a high level of security, so if the user leaves it I don't want that someone else who would use the android mobile can open it without having to log in. Thanks for all your replies it helps a lot ! I think i will go for the timeout method. It's a good point that if the user clicks on home by mistake and wants to come back to the application in a short time period he doesn't need to log in again. Anthoni and Zsolt Vasvari can you describe a bit more your solutions please ? Thanks, Kim On Sat, Jul 17, 2010 at 10:42 AM, Anthoni anthoni.gard...@gmail.com wrote: Hello, I also do this, BUT I do not put it into every single activity. What I do is create a Handler at application level and a time check object. The handler fires every say 10 seconds and checks the time object. If it matches what I need I broadcast an event across my entire application. Each activity then registers whether or not they need to be notified of this broadcast, so they can take what ever action they require. Hope this helps. Regards Anthoni On Jul 17, 3:43 am, Zsolt Vasvari zvasv...@gmail.com wrote: 1) This is not the best option, at least not without option 2, as the user can still leave without having the opportunity to log out, for example to answer a call. 2) I do this, it's a bit of a pain as I need to check the timeout in every activity, and I have at least a couple of dozens. So it's a bit of a maintanence issue. I set my timeout to, I think, 10 seconds. Long enough, so if the user accidentally presses the home button, they can get back in quickly. On Jul 17, 3:40 am, Streets Of Boston flyingdutc...@gmail.com wrote: You have no control over the application and/or activity life cycle. This will make is very hard to determine when the user 'exits' the app. I would do this: 1. Consider an explicit 'log-out' option for your users. 2. Add a time-out to your login-sessions. Refresh the session (time- out) when the user interacts with your app/server. But when the user hasn't interacted with your app/server for a given amount of time, the user's session will have had a time-out and this then would require the user to login again. On Jul 16, 4:09 am, Kim D. kdame...@gmail.com wrote: Hello, I have an application which requires a login at the beginning (this is the first activity). When the user logs in, I keep his credentials in the application (I extended android.application to add a field called 'key'). I would like to clear this field from memory (from application instance) an go back to the login activity. I see the following possibilities: - Add a broadcast receiver to catch all possible event (call, click on menu, click on back, lock the phone ...) which clear the key field and launch the login activity - Use clearTaskOnLaunch for all activities except the login activity. But then until my application takes the focus again the key stays in the application object. (It seems it doesn't work with the go back button, maybe I need to use no history also) - Detect for each activity in all onPause or onStop events when application will leave the foreground to clear the key field and launch the login activity The best would be to have a kind of OnPause method at application level but I think it doesn't exist I would appreciate any help on this problem. ps: I already posted it once but never saw it on the discussions list. Cheers, Kim- Hide quoted text - - Show quoted text - -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.comandroid-developers%2bunsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en- Hide quoted text - - Show quoted text - -- You received this message
Re: [android-developers] Re: Best way to logout each time the application/task goes to background
Why do you need to force the user to login again just because their personal workflow involved starting an activity in a different application? -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: Best way to logout each time the application/task goes to background
Hello, I also do this, BUT I do not put it into every single activity. What I do is create a Handler at application level and a time check object. The handler fires every say 10 seconds and checks the time object. If it matches what I need I broadcast an event across my entire application. Each activity then registers whether or not they need to be notified of this broadcast, so they can take what ever action they require. Hope this helps. Regards Anthoni On Jul 17, 3:43 am, Zsolt Vasvari zvasv...@gmail.com wrote: 1) This is not the best option, at least not without option 2, as the user can still leave without having the opportunity to log out, for example to answer a call. 2) I do this, it's a bit of a pain as I need to check the timeout in every activity, and I have at least a couple of dozens. So it's a bit of a maintanence issue. I set my timeout to, I think, 10 seconds. Long enough, so if the user accidentally presses the home button, they can get back in quickly. On Jul 17, 3:40 am, Streets Of Boston flyingdutc...@gmail.com wrote: You have no control over the application and/or activity life cycle. This will make is very hard to determine when the user 'exits' the app. I would do this: 1. Consider an explicit 'log-out' option for your users. 2. Add a time-out to your login-sessions. Refresh the session (time- out) when the user interacts with your app/server. But when the user hasn't interacted with your app/server for a given amount of time, the user's session will have had a time-out and this then would require the user to login again. On Jul 16, 4:09 am, Kim D. kdame...@gmail.com wrote: Hello, I have an application which requires a login at the beginning (this is the first activity). When the user logs in, I keep his credentials in the application (I extended android.application to add a field called 'key'). I would like to clear this field from memory (from application instance) an go back to the login activity. I see the following possibilities: - Add a broadcast receiver to catch all possible event (call, click on menu, click on back, lock the phone ...) which clear the key field and launch the login activity - Use clearTaskOnLaunch for all activities except the login activity. But then until my application takes the focus again the key stays in the application object. (It seems it doesn't work with the go back button, maybe I need to use no history also) - Detect for each activity in all onPause or onStop events when application will leave the foreground to clear the key field and launch the login activity The best would be to have a kind of OnPause method at application level but I think it doesn't exist I would appreciate any help on this problem. ps: I already posted it once but never saw it on the discussions list. Cheers, Kim- Hide quoted text - - Show quoted text - -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: Best way to logout each time the application/task goes to background
@Frank weis: my application requires a high level of security, so if the user leaves it I don't want that someone else who would use the android mobile can open it without having to log in. Thanks for all your replies it helps a lot ! I think i will go for the timeout method. It's a good point that if the user clicks on home by mistake and wants to come back to the application in a short time period he doesn't need to log in again. Anthoni and Zsolt Vasvari can you describe a bit more your solutions please ? Thanks, Kim On Sat, Jul 17, 2010 at 10:42 AM, Anthoni anthoni.gard...@gmail.com wrote: Hello, I also do this, BUT I do not put it into every single activity. What I do is create a Handler at application level and a time check object. The handler fires every say 10 seconds and checks the time object. If it matches what I need I broadcast an event across my entire application. Each activity then registers whether or not they need to be notified of this broadcast, so they can take what ever action they require. Hope this helps. Regards Anthoni On Jul 17, 3:43 am, Zsolt Vasvari zvasv...@gmail.com wrote: 1) This is not the best option, at least not without option 2, as the user can still leave without having the opportunity to log out, for example to answer a call. 2) I do this, it's a bit of a pain as I need to check the timeout in every activity, and I have at least a couple of dozens. So it's a bit of a maintanence issue. I set my timeout to, I think, 10 seconds. Long enough, so if the user accidentally presses the home button, they can get back in quickly. On Jul 17, 3:40 am, Streets Of Boston flyingdutc...@gmail.com wrote: You have no control over the application and/or activity life cycle. This will make is very hard to determine when the user 'exits' the app. I would do this: 1. Consider an explicit 'log-out' option for your users. 2. Add a time-out to your login-sessions. Refresh the session (time- out) when the user interacts with your app/server. But when the user hasn't interacted with your app/server for a given amount of time, the user's session will have had a time-out and this then would require the user to login again. On Jul 16, 4:09 am, Kim D. kdame...@gmail.com wrote: Hello, I have an application which requires a login at the beginning (this is the first activity). When the user logs in, I keep his credentials in the application (I extended android.application to add a field called 'key'). I would like to clear this field from memory (from application instance) an go back to the login activity. I see the following possibilities: - Add a broadcast receiver to catch all possible event (call, click on menu, click on back, lock the phone ...) which clear the key field and launch the login activity - Use clearTaskOnLaunch for all activities except the login activity. But then until my application takes the focus again the key stays in the application object. (It seems it doesn't work with the go back button, maybe I need to use no history also) - Detect for each activity in all onPause or onStop events when application will leave the foreground to clear the key field and launch the login activity The best would be to have a kind of OnPause method at application level but I think it doesn't exist I would appreciate any help on this problem. ps: I already posted it once but never saw it on the discussions list. Cheers, Kim- Hide quoted text - - Show quoted text - -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.comandroid-developers%2bunsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: Best way to logout each time the application/task goes to background
You have no control over the application and/or activity life cycle. This will make is very hard to determine when the user 'exits' the app. I would do this: 1. Consider an explicit 'log-out' option for your users. 2. Add a time-out to your login-sessions. Refresh the session (time- out) when the user interacts with your app/server. But when the user hasn't interacted with your app/server for a given amount of time, the user's session will have had a time-out and this then would require the user to login again. On Jul 16, 4:09 am, Kim D. kdame...@gmail.com wrote: Hello, I have an application which requires a login at the beginning (this is the first activity). When the user logs in, I keep his credentials in the application (I extended android.application to add a field called 'key'). I would like to clear this field from memory (from application instance) an go back to the login activity. I see the following possibilities: - Add a broadcast receiver to catch all possible event (call, click on menu, click on back, lock the phone ...) which clear the key field and launch the login activity - Use clearTaskOnLaunch for all activities except the login activity. But then until my application takes the focus again the key stays in the application object. (It seems it doesn't work with the go back button, maybe I need to use no history also) - Detect for each activity in all onPause or onStop events when application will leave the foreground to clear the key field and launch the login activity The best would be to have a kind of OnPause method at application level but I think it doesn't exist I would appreciate any help on this problem. ps: I already posted it once but never saw it on the discussions list. Cheers, Kim -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: Best way to logout each time the application/task goes to background
1) This is not the best option, at least not without option 2, as the user can still leave without having the opportunity to log out, for example to answer a call. 2) I do this, it's a bit of a pain as I need to check the timeout in every activity, and I have at least a couple of dozens. So it's a bit of a maintanence issue. I set my timeout to, I think, 10 seconds. Long enough, so if the user accidentally presses the home button, they can get back in quickly. On Jul 17, 3:40 am, Streets Of Boston flyingdutc...@gmail.com wrote: You have no control over the application and/or activity life cycle. This will make is very hard to determine when the user 'exits' the app. I would do this: 1. Consider an explicit 'log-out' option for your users. 2. Add a time-out to your login-sessions. Refresh the session (time- out) when the user interacts with your app/server. But when the user hasn't interacted with your app/server for a given amount of time, the user's session will have had a time-out and this then would require the user to login again. On Jul 16, 4:09 am, Kim D. kdame...@gmail.com wrote: Hello, I have an application which requires a login at the beginning (this is the first activity). When the user logs in, I keep his credentials in the application (I extended android.application to add a field called 'key'). I would like to clear this field from memory (from application instance) an go back to the login activity. I see the following possibilities: - Add a broadcast receiver to catch all possible event (call, click on menu, click on back, lock the phone ...) which clear the key field and launch the login activity - Use clearTaskOnLaunch for all activities except the login activity. But then until my application takes the focus again the key stays in the application object. (It seems it doesn't work with the go back button, maybe I need to use no history also) - Detect for each activity in all onPause or onStop events when application will leave the foreground to clear the key field and launch the login activity The best would be to have a kind of OnPause method at application level but I think it doesn't exist I would appreciate any help on this problem. ps: I already posted it once but never saw it on the discussions list. Cheers, Kim- Hide quoted text - - Show quoted text - -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en