Coupling Android App with Web Service

I am creating a Webapplication - Food Review site for which we are also developing an android application.

I want to know how to couple the application session of a particular user over the Internet with the application.

When the u开发者_运维问答ser logs in thru the application how can i serve them content related to the user alone. How can i know which user is requesting.

I am from a PHP background so i am a little confused how its done in the mobile application

You can maintain state in the same way a web application does. When a browser stores a cookie all that means is that requests sent to a matching domain get the cookie in the HTTP header. When you construct your HTTP request in Android you have complete control of the headers so it's easy to add your cookie value.

E.G. Post to your authenticator, sending client details. The authenticator would normally respond including the cookie in its response headers, here's a sanitised version of google's cookie setting response headers:

Cache-Control:private, max-age=0
Content-Encoding:gzip
Content-Length:173
Content-Type:text/html; charset=UTF-8
Date:Fri, 04 Mar 2011 12:24:32 GMT
Expires:Fri, 04 Mar 2011 12:24:32 GMT
Location:http://www.google.co.uk/
Server:GSE
Set-Cookie:SID=UNIQUESIDGOESHERE;Domain=.google.co.uk;Path=/;Expires=Mon, 01-Mar-2021 12:24:32 GMT
HSID=SOMETHINGELSEUNIQUEHERE;Domain=.google.co.uk;Path=/;Expires=Mon, 01-Mar-2021 12:24:32 GMT;HttpOnly

You can read that value and attach it to any http requests you make and the server would be non the wiser that you aren't a normal web browser.

Android is pretty much stateless. (I mean even if it can use states, I haven't come across any such example so far)

So I don't think you can have a session as you have on the web.

You can have a token method to authenticate users for a particular time period. like the OAuth implemented web services do.

Your android app sends the token for each request and your server manages the generation and life of that token along with the permissions.

How does this sound?