I am working on a RESTful web service to be used by my own Android app. I chose ASP.NET Web API. Web API makes it easy to create these HTTP methods in controllers and convert our response objects to JSON/XML. It's just awesome!
Now comes user authentication and session handling. At first I thought it would be easier to run sessions in my RESTful service. But in fact it was disappointing, both in the settings for enabling sessions in Web API and in making the native Android app handle these session identifiers.
- First, Android sends a login request to the Web API
- Web API verifies the authentication and responds with the session id in the response header
- Now the native Android app reads the response header, gets ASPNET_sessionId and keeps it in its memory
- Additional requests from Android will need to set this ASPNET_sessionId in the request header
Do you think this is the right way?
And now I have another client: a hybrid application in jQuery Mobile. Now the following problems occur:
- Same-origin policy: so I set Access-Control-Allow-Origin: * in the response header, and that solved it.
- Now I need to set the session id in the jQuery ajax POST request, and it was not possible to set jQuery ajax headers when calling a cross-domain service.
How can I manage a session for my hybrid application?
Also, what are the things to consider when creating a web service to be consumed from different client applications?
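
Added example, not part of the original post and not ASP.NET code: a framework-neutral JavaScript model of the CORS decision a session API has to make when a cross-domain jQuery client sends the session id in a custom request header. The origin allow-list, the `X-Session-Token` header name and the request shape are assumptions made for illustration.

```javascript
// Added example: models only the CORS part of a response, independent of any framework.
// Assumptions (not from the post): the allow-listed origin and the X-Session-Token header.
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]);
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["content-type", "x-session-token"];

// req = { method, headers } with lower-cased header names (constructed shape).
// Returns { status, headers }; status null means "continue to the real handler".
function corsDecision(req) {
  const origin = req.headers["origin"];
  // No Origin header (for example a native HTTP client): CORS does not apply.
  if (!origin) return { status: null, headers: {} };
  // Unknown origin: emit no Allow-* headers, so the browser blocks the script's read.
  if (!ALLOWED_ORIGINS.has(origin)) return { status: null, headers: { Vary: "Origin" } };

  const headers = { "Access-Control-Allow-Origin": origin, Vary: "Origin" };
  const isPreflight = req.method === "OPTIONS" &&
    "access-control-request-method" in req.headers;
  if (!isPreflight) return { status: null, headers };

  // A custom request header makes the browser send this OPTIONS preflight first.
  const wantedMethod = req.headers["access-control-request-method"].toUpperCase();
  const wantedHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map(h => h.trim().toLowerCase()).filter(Boolean);
  const ok = ALLOWED_METHODS.includes(wantedMethod) &&
    wantedHeaders.every(h => ALLOWED_HEADERS.includes(h));
  if (!ok) return { status: 403, headers: { Vary: "Origin" } };

  headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
  headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  headers["Access-Control-Max-Age"] = "600";
  return { status: 204, headers };
}

// Constructed preflight, as a browser sends before a POST carrying a custom header.
const samplePreflight = { method: "OPTIONS", headers: {
  "origin": "https://app.example.test",
  "access-control-request-method": "POST",
  "access-control-request-headers": "x-session-token, content-type" } };
console.log(corsDecision(samplePreflight));
```

Echoing an allow-listed origin instead of `*` also keeps the API usable if it later relies on cookies, because browsers reject a wildcard origin on credentialed requests.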