I have an application with a dedicated user registration and login system, where I'd like to integrate GCM for downstream messaging.
My question would be now what the best practice/approach would be to do so. I could either
use one single GCM token across all user sessions
or request a new GCM token upon a login and try to unregister it upon the logout ("try to" because there might be no network connection)
I could imagine pros and cons for both approaches but lack the in-depth GCM experience to say which one would be better.
Anything else I missed?
I would prefer to keep a single GCM token for multiple users. When you send the push notification send a custom node as username or userid to which you want to send the notification.
When you actually receive the notification check for the currently logged-in user and if it matches with the node passed in push notification then show the notification to the user and if it doesn't discard it (or store it locally to be displayed when that user logs in).
In practical scenario one phone will be used by only one user (with very few exceptions may be), so you shouldn't worry about saving it either. But that could be a business decision.
Update
Google very clearly says that after un-registering and again registering for GCM token may be same. So there is no point in un-registering and registering for GCM again and again. Here is the snippet of official document.
A registration token isn't associated with a particular logged in user. If the client app unregisters and then re-registers, the app can receive the same registration token or a different registration token.
Official Documentation
Related
I'm trying to add an in-app subscription to my app and if I understand Google's guidelines correctly, the proper way to validate in-app purchases is as follows:
My app queries active subscriptions from Google's billing API
My app sends active subscription details to my server
My server sends the details to Google, which responds with whether they are valid
My server responds back to my app with whether the details are valid
My app now knows whether the user is legitimately subscribed
I'm not very familiar with network security, but this process is apparently secure because the alternative is to validate the subscription solely in the app which attackers can reverse engineer and figure out the logic behind it. But I fail to see how receiving a yes/no response from my server is better. Couldn't attackers spoof my server's response if they wanted? Or at least modify the code where the yes/no response is interpreted?
I am building an Android app and i am using Firebase as the database to store users and more. My requirement is that i need users to click on a button and send notifications to other users(typically they will be 2-3 users). When other users receive the notification they should have the option to "accept" it or "reject" the request. If they click to accept it the sender of the notification should get notified (just a notification) as well as the admin users.
I have found online several options on how to send notifications with FCM or using a third party server but the tricky part that i haven't found is how will they accept or reject a notification? Has anyone done something similar or can someone direct me to a solution that would satisfy this requirement(accept and reject a notification)?
Let's say I have Android app with user login functionality and PHP based back-end server. When user fills required fields (name and e-mail for example) with according information and press "login" button, request is being made to back-end server. Now let's say user is successfully logged in.
My question would be, does exist any common used mechanisms/solutions/design patterns similar to web
sessions
between Android apps and server side in order to implemement such functionalities like login/logout, prevent users to login with the same account at the same time, etc.?
Why use something similar to php sessions? use php sessions instead!
session_start();
$sess_id = session_id();
Give this id to your client, and make sure it appears in every requests the client application makes to your server.
Here is how you load a session by id :
session_id("your_client_session_id");
session_start();
Basically it's the same usage than web, except browsers use cookie to store the session_id.
Then if you are using org.apache.http in your client application, you should be able to use org.apache.http.cookie.
This way you can set your PHP_SESSID in a cookie, and your application will automatically send this in every request.
Since different instances of the app presumable authenticate via the same remote service (the PHP backend), it could be part of that implementation to track when an identity has authenticated and from which device. Then you would need a way of tracking how long a user is active in the given sessions (like sending a "ping" from the app at an interval as long as it runs).
Using this information (last login, last ping) it could be exactly determined if an identity has an active session and deny access to subsequent authentication attempts of the same identity.
It's up to the implementation how active session is defined. It may be active as long as the app runs, as long as the app is in the foreground, as long as the user keeps interacting with it not exceeding a certain idle time threshold, etc. The point is to log and collect information of all sessions on the server side.
I am writing a chat application on app engine using xmpp. My idea is to allow users to chat to one another. I can get messages to send to a google talk account, by taking the logged in user and removing the #gmail.com part of the address and replacing it with #appid.appspotchat.com )so for example if the logged in user is bob#gmail.com, the jid used to send from will be bob#appid.appspotchat.com). You can then send messages to an google talk account, e.g. jeff#gmail.com.
My problem is in receiving the messages back again. The developer pages show how the app itself can receive messages to the appid#appspot.com jid, but how do you get it to receive messages to the appid.appspot.com jid, and then present these messages tp the logged in user? The overall idea is when a user logs in, I will retrieve thri contact list, get the presence of their contacts (replacing gmail.com with appid.appspotchat.com) then present the available contacts to the user.
If this is not possible, is there a way to let the logged in user chat to other users in a different way? Ive briefly looked at the channel api but i don't think this is suitable?
You could use the Channel API to send a message down to a client when your server gets a message intended for that user. There's no facility to direct a XMPP message directly to a user on your own page; the XMPP API is used to send messages to users signed in to XMPP clients (such as Gmail, Pidgin, etc).
You can't use anything#your_app_id.appspot.com. Instead you must use anything#your_app_id.appspotchat.com as described in XMPP Addresses.
I'm testing the C2DM service. I implemented my code following this GUIDE and made a little php script for sending the messages and everything runs correctly.
Then I restarted the phone and (without opening the app) sent another message, and It was received too, so the how often have I to execute the com.google.android.c2dm.intent.REGISTER for always receive messages? Once per install or more frequently?
Thanks!
This is the sequence of events that occurs when an Android application
running on a mobile device registers to receive messages:
The first time the application needs to use the messaging service, it fires off a registration Intent to a C2DM server. This registration
Intent (com.google.android.c2dm.intent.REGISTER) includes the sender
ID (that is, the account authorized to send messages to the
application, which is typically the email address of an account set up
by the application's developer), and the application ID.
If the registration is successful, the C2DM server broadcasts a REGISTRATION Intent which gives the application a registration ID. The
application should store this ID for later use. Note that Google may
periodically refresh the registration ID, so you should design your
application with the understanding that the REGISTRATION Intent may be
called multiple times. Your application needs to be able to respond
accordingly.
To complete the registration, the application sends the registration ID to the application server. The application server
typically stores the registration ID in a database.
The registration ID lasts until the application explicitly unregisters
itself, or until Google refreshes the registration ID for your
application.
From Google Android C2DM