
php session with LibGDX app

Started by January 30, 2016 10:07 AM
1 comment, last by hplus0603 8 years, 9 months ago

For several web projects I have been using PHP sessions to maintain a connection for the client. Now I am building a LibGDX app that communicates with the web and I'm wondering if using sessions is still possible. I believe a PHP session is storing a server-side cookie, so in my theory this would still apply; I just have to save the session ID within the app and send it when a request is made. However, since I do want things to be fairly secure, I am worried about session hijacking. I could generate a fairly long session ID with high entropy to prevent this, and perhaps lock in the current IP of the user, but I'm not sure if this is a valid way for a game. I really do not want any clients to be compromised.

Another way I can think of is checking credentials on each request, or at least each sensitive request. But then I need this to be automatic, which means I need to store the credentials. I'm thinking of storing an encrypted version of the password locally and having the salt in the database. On the server side I will decrypt the password and verify it with BCRYPT again. This way, whenever someone's phone is compromised, he still needs the salt in the database to see his password.

The problem is that if a phone is compromised, there is nothing you can really do. The hijacker will have access to the stored password and the session cookie. Most applications require the user to retype their password for sensitive requests.

You might also consider moving to database sessions, where a user can login elsewhere and revoke any currently running sessions.


Also, don't store passwords locally, even if it is encrypted.
PHP sessions work by storing data about the user/session on the server (by default in a temp file; you can add other hooks such as memcached or database to make it work across multiple application servers.)
The session id value is then sent to the client in a cookie.
When the client makes the next web request, the cookie is sent back, and PHP can look up the session data based on that value.
If LibGDX provides a web interface (HTTP/HTTPS) and properly deals with cookies, then PHP sessions will still work.
enum Bool { True, False, FileNotFound };
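To make the mechanism in the reply above concrete, here is an added example (not code from this thread or from LibGDX) of a PHP login endpoint that issues the session cookie the app must store and send back, with the hardening the replies touch on: a long CSPRNG-generated id, a fresh id on login, and a server-side record so sessions can be revoked. The `users` and `user_sessions` tables, their columns and the SQLite path are assumptions; `session_set_cookie_params()` with an array needs PHP 7.3 or later.

```php
<?php
// Added example: PHP login endpoint for a LibGDX client that stores the
// PHPSESSID cookie itself and replays it on later requests.
declare(strict_types=1);

// Cookie flags: HTTPS-only transport and no script access. The app sends the
// cookie back by hand, so SameSite is irrelevant to it but harmless for browsers.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
// PHP derives the id from the system CSPRNG; 64 hex characters (256 bits) is ample.
ini_set('session.sid_length', '64');
ini_set('session.sid_bits_per_character', '4');
ini_set('session.use_strict_mode', '1'); // reject any id the server never issued
session_start();

$pdo = new PDO('sqlite:/var/lib/game/app.db'); // path assumed

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

// Schema assumed: users(id, username, password_hash) with bcrypt hashes.
$stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
$stmt->execute([$username]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);

// password_verify() checks bcrypt hashes produced by password_hash().
if ($user === false || !password_verify($password, $user['password_hash'])) {
    http_response_code(401);
    exit;
}

// New id at the privilege change, so an id obtained before login is useless.
session_regenerate_id(true);
$_SESSION['user_id'] = $user['id'];

// Server-side session record ("database sessions" in the reply above), keyed by
// a hash so a leaked table does not hand out usable ids.
// Schema assumed: user_sessions(user_id, sid_hash, created_at).
$stmt = $pdo->prepare(
    'INSERT INTO user_sessions (user_id, sid_hash, created_at) VALUES (?, ?, ?)'
);
$stmt->execute([$user['id'], hash('sha256', session_id()), time()]);

header('Content-Type: application/json');
echo json_encode(['ok' => true]);
```

A "log out everywhere" endpoint then deletes the user's rows from `user_sessions`, and every authenticated request compares `hash('sha256', session_id())` against that table before trusting `$_SESSION['user_id']`.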
