Setup iPhone app login to PHP web application backend

I'm not an iPhone developer but I'm starting on a project that is based on a PHP back-end server supplying data to iPhone userage开发者_JS百科nts and I'm wondering where to start with sessions/security.

With browsers, I can simply pass a cookie (containing a session id) on login.

However, I'm wondering if the iPhone is different. Do iPhone apps have access to storage space for something like a cookie/token? Are their anythings that I need to watch out for that make the iPhone app user agents special?

My app is the same pair of platforms. I don't mess with PHP sessions or cookies. I log in with plain old POST'ed username and password fields over SSH, and return a session token (a hash based on their username). In the app, I stash that in NSUserDefaults. I then require that token back, on every call to a function in the PHP that requires user identity or authorization. And again, I just pass it as a plain old form field.

BTW, I'm a big proponent of the ASIHTTPRequest library for web client functions. I'm not associated with the author, I'm just a newish iPhone developer whose life that library made vastly easier.

Things using NSURLRequest use NSHTTPCookieStorage by default. Of course, cookies aren't shared between apps.

You can additionally store things with NSUserDefaults or using the keychain (SecKeychain* functions); the keychain APIs are a bit cumbersome but there are examples out there. I'd prefer using the keychain for anything particularly sensitive; most files are stored unencrypted and most people don't enable encrypted backups (I'm not sure whether using the keychain with no passcode is secure either, but hey...)

You might also want to worry about how long the token is saved for (typing on an iPhone is a pain and browsers don't save passwords by default) and how easily it can be revoked.

The Safari browser on the iPhone is very similar to Safari on a desktop mac or PC. It supports cookies, sessions, javascript. So no, in regards to a login you don't have to do anything special.