Authentication Based REST API with Slim

I'm not sure how to go about the authentication method.

I have a way, but I don't know if it is safe or not. Let me explain what I'm doing with the REST API.

I have a web application with several users in which users can log in with their username and password and do something like that.

I need to develop a mobile application for this web application. I think REST with Slim Framework is the way to go. I have no problem with Slim REST development, but the authentication part is where I'm not sure how to proceed.

However, I have an idea:

Use session cookies: when a user logs in through the mobile application, it calls the REST API authentication method, which queries the database and matches the username/password. If they match, create two cookies for the username and password and save them encrypted.

When the mobile application sends the following request, check the cookies, decrypt the username and password, and compare again with the database record. If they match, call the requested method; otherwise deny access.

Please let me know how I am doing. Would it still be a REST API? Is it possible to save the username/password in cookies for the above scenario?
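
The login-then-cookie flow described in the question, as an added example that is not part of the original post. It assumes the cookie carries a random session token whose SHA-256 hash is stored server-side, rather than the encrypted username and password; the `$users` and `$sessions` arrays and the function names are hypothetical stand-ins for the database and the Slim route handlers.

```php
<?php
// Constructed stand-ins for the database tables (assumptions for this example).
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
$sessions = []; // sha256(token) => ['user' => ..., 'expires' => ...]

// Login: check the password once, then return a random token for the cookie.
function login(array $users, array &$sessions, string $user, string $pass): ?string
{
    if (!isset($users[$user]) || !password_verify($pass, $users[$user])) {
        return null;
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    // Store only the hash, so a leaked sessions table does not yield usable cookies.
    $sessions[hash('sha256', $token)] = ['user' => $user, 'expires' => time() + 3600];
    return $token;
}

// Every later request: look up the cookie value; the password is never sent again.
function authenticate(array &$sessions, ?string $cookie): ?string
{
    if ($cookie === null || $cookie === '') {
        return null;
    }
    $key = hash('sha256', $cookie);
    $session = $sessions[$key] ?? null;
    if ($session === null) {
        return null; // unknown or forged token
    }
    if ($session['expires'] < time()) {
        unset($sessions[$key]); // expired: drop it server-side
        return null;
    }
    return $session['user'];
}

// Logout (or a password change) revokes the token without touching the password.
function logout(array &$sessions, string $cookie): void
{
    unset($sessions[hash('sha256', $cookie)]);
}

$token = login($users, $sessions, 'alice', 'correct horse');
// In a real response the token would be sent with, for example:
// setcookie('session', $token, ['secure' => true, 'httponly' => true, 'samesite' => 'Strict']);
var_dump(authenticate($sessions, $token));   // valid token
var_dump(authenticate($sessions, 'forged')); // forged token
logout($sessions, $token);
var_dump(authenticate($sessions, $token));   // revoked token
```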
