Android for Rails Server Managing Sessions

I have a rails app (rails3) that uses sessions for users to navigate upon login. I am trying to create an android app for this rails server and trying to figure out what is the best way for handling login is.

From what I've found so far, there are two possible ways: 1. Get sessions from rails server and setCookie on android side upon login 2. Use OAuth.

Which would you recommend?

At this point, I am unsure of how to manage s开发者_运维技巧essions when using OAuth, that's why I am asking the question. Thanks

I encounter this problem last time as well. As we need to allow logged in user in the android to be able to query the rails server for some data. Initially we thought about sending password/username from android and then set the session and cookies in rails server, then send back the info. Android then use this cookies to determine if the user is successfully login. However, in the end we didn't do this, as the cookie information maybe hard to manage in mobile device. In the end we create a separate protection scheme for the rails server, if the android send user/password, rails server would validate, if sucessfully, we will insert a encrypted token into the database that contains user name and token. For subsequent request, the android device must send token to rails server, if the token is valid and can be found in db, the validation passed,and we will return data.

Good thing about this is it is easier to manage users. E.g. you can easily manage how many concurrent loggin you allow for the user. Or even better if needed, you can kick out some users without touching the android apps. Not quite sure if this fits your questions. Just to share.