How to Share Session Between Mendix Native App and WebView Automatically?

0
Hi everyone,

I am developing a Mendix Native Mobile App, where users first log in via the mobile app. After successful login, they are navigated to the dashboard, which contains a WebView that loads a Mendix web page.

Issue: When the WebView loads the Mendix Web App, it does not recognize the existing session, and the user is asked to log in again. I want to automatically authenticate the user inside the WebView using the same session from the mobile app, so they are directly shown the dashboard page instead of the login screen.
asked
2 answers
0

The issue described here is that when a Mendix Native Mobile App loads a Mendix Web App inside a WebView, it does not recognize the existing session, forcing the user to log in again.

Solutions:

  • Ensure that WebView is set to allow cookies.
  • Use a Single Sign-On (SSO) solution where the mobile app logs in the user via OAuth/OpenID, and the WebView reuses the token.
  • Instead of requiring the user to log in again, authenticate the user inside the WebView via an API call that validates the session from the mobile app.
answered
0

Hey Palani,

Another approach would be to, on successful mobile authentication, commit an object that denotes a user has successfully logged in.

You can create a new button on web, or even a flow that runs automatically when they hit the login page via DS microflows or the MicroflowTimer widget, that tries to retrieve a valid copy of that object that was created and committed during your mobile authentication. The presence of a valid object would tell the system that the user had a current session, and you'd authenticate the user into the system. Creating authentication logic like this can be tricky, though. If you need help doing that, you can look to the OIDC module's method of creating a session for a user.

There are some security risks with this that you'll need to consider. You don't want the object created during mobile authentication to persist indefinitely; it should be cleaned up after a period of time or after use. And you need to create a way to tie it to the user, potentially over association.

 

I hope this helps!

answered
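
The cautions in the second answer (expire the marker, clean it up after use, tie it to the user) can be sketched as a single-use handoff record. This is an added example, not code from either answer or from Mendix; `HandoffStore`, `TTL_MS` and the random token used as the lookup key are assumptions, and an in-memory map stands in for a persistent entity associated with the user.

```javascript
const crypto = require('crypto');

const TTL_MS = 60 * 1000; // assumption: the marker is valid for 60 seconds

// Hypothetical server-side store for the "user just logged in on mobile" marker.
class HandoffStore {
  constructor(now = () => Date.now()) {
    this.now = now;           // injectable clock so expiry can be tested
    this.records = new Map(); // sha256(token) -> { userId, expiresAt }
  }

  static digest(token) {
    return crypto.createHash('sha256').update(token).digest('hex');
  }

  // Call after successful mobile authentication.
  issue(userId) {
    const token = crypto.randomBytes(32).toString('hex'); // unguessable value
    this.records.set(HandoffStore.digest(token), {
      userId,                              // ties the marker to one user
      expiresAt: this.now() + TTL_MS,      // never valid indefinitely
    });
    return token; // only the hash is stored, so a data leak exposes no usable token
  }

  // Call on the web side before creating a session. Returns userId or null.
  redeem(token) {
    if (typeof token !== 'string' || token.length === 0) return null;
    const key = HandoffStore.digest(token);
    const rec = this.records.get(key);
    if (!rec) return null;                 // unknown or already used
    this.records.delete(key);              // single use: delete before any other check
    if (this.now() > rec.expiresAt) return null;
    return rec.userId;
  }

  // Scheduled cleanup for markers that were issued but never redeemed.
  purgeExpired() {
    let removed = 0;
    for (const [key, rec] of this.records) {
      if (this.now() > rec.expiresAt) {
        this.records.delete(key);
        removed += 1;
      }
    }
    return removed;
  }
}
```

The web session is created only for the `userId` that `redeem` returns, never for an identifier supplied by the client.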