From: http://blog.csdn.net/xjbclz/article/details/51378806
At present, most APPs support long-term login, that is, after a user logs in once, if the user does not actively log out, clear the APP cache data or uninstall the APP, the user will remain logged in for a period of time or all the time.
3.4.1 Realization with Token
After the APP is successfully logged in, the server generates an N-digit string randomly as the Token in some way, sets an expiration date, stores it in the server, and returns the Token to the APP.
When the APP sends a request, it must bring the Token. Every time the server receives a request, it must verify the Token and the validity period. The Token value is correct and within the validity period, the server returns the required result, otherwise it returns an error message, prompting User logs back in.
(This method is currently used the most)
3.4.2 Implementing with Cookies
After the APP is successfully logged in, the server creates a cookie containing two attribute values of SessionId and Expires, stores it in the server, and sends it to the APP.
When the subsequent APP sends a request, it must bring a cookie containing the SessionId. Every time the server receives a request, it must verify the SessionId and the validity period. The SessionId value is correct and within the validity period, the server returns the required result, otherwise it returns An error message prompting the user to log in again.
(This method is similar to the browser's authentication method)