Here are some things you should think about:

以下是您应该考虑的一些事项：

• Once you have authenticated the user and stored the session_id locally, send the session_id in the header of each of your http requests. That way, you're not sending the credentials with each request, but the session id. And if something happens on the server side to the session, the transaction will not be allowed.
• When logging out, don't just delete the session_id on your app (client) side. Send a logout to the server as well so that the session can be killed server side.
• If the session is killed on the server side, you'll want to do 1 of 2 things A) prompt the user to re-login. B) Use the store credentials to log back in, create a new session id and store it again in your singleton.

• 对用户进行身份验证并在本地存储 session_id 后，在每个 http 请求的标头中发送 session_id。这样，您不会随每个请求发送凭据，而是发送会话 ID。如果在会话的服务器端发生了某些事情，则该事务将不被允许。
• 注销时，不要只删除应用（客户端）端的 session_id。也向服务器发送注销，以便可以在服务器端终止会话。
• 如果会话在服务器端被终止，您将需要执行以下两件事之一：A) 提示用户重新登录。B) 使用商店凭据重新登录，创建新的会话 ID 并将其再次存储在您的单身人士中。

This will guarantee a bit more security and functionality than just clearing the session id on your app side.

这将保证比仅清除应用程序端的会话 ID 多一点的安全性和功能。

This strategy will probably work. In an app I worked on, I stored the return data from login in the android shared preferences. If the user logged out, I cleared the preferences. This allowed users to stay logged in, even if they closed the app and went back in later. I had an authentication token that I checked to see if the user's login was still valid.

这个策略可能会奏效。在我开发的一个应用程序中，我将登录的返回数据存储在 android 共享首选项中。如果用户退出，我清除了首选项。这允许用户保持登录状态，即使他们关闭了应用程序并稍后返回。我有一个身份验证令牌，我检查了该令牌以查看用户的登录信息是否仍然有效。

How do you plan on handling persisted logins? Does the sessionID expire? You might want to think about these situations otherwise once a user is logged in, they will be logged in forever or as long as the app is open.

您打算如何处理持久登录？sessionID 是否过期？您可能需要考虑这些情况，否则一旦用户登录，他们将永远登录或只要应用程序打开。