I am using CloudKit to make a simple user database. What would be a good way to retain user logins? Meaning, once a user logs in they stay logged in. I was using NSUserDefaults to store a boolean to track if they are logged in, as well as an email string so you could tell what account they were logged into; however, this can lead to easy fake logins. Does anyone know of a better, safer way to retain this information?
Kendel
- Retain logins to what exactly? – rmaddy Aug 24 '16 at 22:13
- @rmaddy So that when the user closes the app, they can be automatically logged in. NSUserDefaults was easy as I could just save that they are logged in with a certain email, or they are not logged in. – Kendel Aug 24 '16 at 22:14
- Logged into what? – rmaddy Aug 24 '16 at 22:15
- @rmaddy I want the app to know if they have entered a correct email/password combo and clicked login at some point, and what email they entered. If they click logout, I want to also know that they are not logged in. – Kendel Aug 24 '16 at 22:17
- @Kendel Check out this post: http://stackoverflow.com/questions/36232100/how-to-create-user-in-cloudkit/36240546#36240546 – Pranav Wadhwa Aug 24 '16 at 22:20
- @penatheboss I already have a system in place for creating users, verifying them, and logging in. I just need a way to save whether or not that user has been logged in, and what email they used. I do not want to use NSUserDefaults like that post because they can be easily modified maliciously. – Kendel Aug 24 '16 at 22:22
- I think this is what you are looking for. You shouldn't need to store whether the user is logged in. You should request that directly from CloudKit; the user could have been logged out of iCloud elsewhere, which wouldn't be reflected in your NSUserDefaults: http://stackoverflow.com/questions/32335942/check-if-user-is-logged-into-icloud-swift-ios – sbarow Aug 24 '16 at 22:31
- @Kendel I don't understand why NSUserDefaults is insecure. It has worked fine for me in the past. – Pranav Wadhwa Aug 24 '16 at 23:18
- @penatheboss A Google search should yield some results as to why you shouldn't store sensitive information in NSUserDefaults. – Kendel Aug 24 '16 at 23:22
- @penatheboss If you really want to use NSUserDefaults, you could in theory encrypt the information that you store there. – Kendel Aug 24 '16 at 23:23
1 Answer
I have decided to do the following:

Upon login, set the email and password in the user's keychain.

```swift
// After a successful login: store the password and the account (email) in the keychain.
keychainWrapper.mySetObject(password, forKey: kSecValueData)
keychainWrapper.mySetObject(email, forKey: kSecAttrAccount)
```

When opening the app, rerun the login process using the information stored in the keychain. If the keychain is empty, send them to the signup page. If the email/password are in the database, log them in. If the email/password are not in the database, send them to the signup page.

In order to log out, simply reset the keychain's values.

```swift
// On logout: overwrite the stored password and account with empty strings.
keychainWrapper.mySetObject("", forKey: kSecValueData)
keychainWrapper.mySetObject("", forKey: kSecAttrAccount)
```
Kendel
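
The same save / load-at-launch / logout flow written directly against the Security framework, as an added example that is not part of the original answer and not the `keychainWrapper` code used above. The service string `com.example.myapp.login` and the function names are assumptions; logout here deletes the keychain item rather than writing empty strings, and the values returned by `loadLogin()` are still meant to be re-verified against the user database at launch, as the answer describes.

```swift
import Foundation
import Security

// Hypothetical service identifier (assumption); use your app's own string.
let loginService = "com.example.myapp.login"

enum KeychainError: Error { case unexpected(OSStatus) }

/// Base query identifying the single saved-login item.
private func baseQuery() -> [String: Any] {
    [kSecClass as String: kSecClassGenericPassword,
     kSecAttrService as String: loginService]
}

/// Call after a successful login: replaces any previously saved login.
func saveLogin(email: String, password: String) throws {
    SecItemDelete(baseQuery() as CFDictionary)   // drop an older account, if any
    var item = baseQuery()
    item[kSecAttrAccount as String] = email
    item[kSecValueData as String] = Data(password.utf8)
    // Readable only while the device is unlocked; not migrated to another device.
    item[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    let status = SecItemAdd(item as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.unexpected(status) }
}

/// Call at launch: returns nil when nothing is stored (show the signup/login page).
func loadLogin() throws -> (email: String, password: String)? {
    var query = baseQuery()
    query[kSecReturnAttributes as String] = true
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess,
          let found = result as? [String: Any],
          let email = found[kSecAttrAccount as String] as? String,
          let data = found[kSecValueData as String] as? Data,
          let password = String(data: data, encoding: .utf8)
    else { throw KeychainError.unexpected(status) }
    return (email, password)
}

/// Call on logout: removes the item instead of overwriting it with "".
func clearLogin() throws {
    let status = SecItemDelete(baseQuery() as CFDictionary)
    guard status == errSecSuccess || status == errSecItemNotFound else {
        throw KeychainError.unexpected(status)
    }
}
```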
