HTTP Web Session

The HTTP Web Session method will allow you, as the app builder, to use your own server to leverage user sessions to authenticate user sign-in and manage session content.  You can manage credentials on your own server without exposing those credentials to the MobileSmith platform.  You can use the platform's canvas feature to design your login page.



To use the HTTP Web Session method, go to App Stores > App Settings.

Select "HTTP Web Session" for the Access Method field.

Click "Apply".



When the Access Method is set to HTTP Web Session, the Access Manager AppBlock will have 2 pages: Configuration and Phone Canvases.



On the Configuration page, you can set the Item Name and the Display Name.  The Item Name is what you will see in the platform when designing your app.  The Display Name is what will be showed to the app user when using the app.  Both are set to "Access Manager" by default.


You can also enter your access URL - this is where the app will send the credentials entered by the app user.

Specify how the username and password should be labeled (under "Pass As").

Enter a username and password (under "Test Value") and click "Save & Test Configuration".  This will save your entered data and perform a test by executing the URL and using the test values.  If your server returns a success message, the platform will display that.  If it returns an error, the platform will display the error.


Phone Canvases

With HTTP Web Session, you can design the login page.  Unlike most canvases in the MobileSmith platform, this one has three items on it by default:

  • Username entry field (Text Box)
  • Password entry field (Text Box)
  • Submit button (action button)


You can configure the appearance of these three items, but they cannot be deleted.

You can also use the standard Generic Tools on this canvas - Text Label, Image, and Buttons.

**NOTE** You can add Buttons, but you will only be able to target Website AppBlocks.  This is to prevent the app user from going around the login screen.


Device Behavior

When the app user launches the app for the first time, he will be shown the login page.  If the user submits invalid credentials, he will not be allowed to proceed past this page.  If the user submits valid credentials, the server should return a successful response code (200) and a "Set-Cookie" attribute in the response headers.  The app will save this info and supply it on any subsequent Flex AppBlock requests.

When a cookie becomes invalid, the server should give a 401 response code (Unauthenticated).  When that happens, the app will show the login page and the user will not be able to proceed until he supplies valid credentials.