After writing a login system working with PHP + MySQL on the server side and Unity (C#) on the client side, I have a problem. I'm implementing the user actions. I have segmented every action into independent PHP files (login, register, getfriends, comment, etc.). I do the classic username + password login; after that, I generate an access token and send it to the client. How can I ensure for every action that the user has actually logged in to the app? I was thinking this:

| File | POST requirements | Result |
|---|---|---|
| GetFriends.php | username | array friends |

Should I send the accessToken with every request to block any user trying to use this file without permission? Like logging in every time? I've read that web browsers have sessions and cookies, so I'm trying to copy that behavior.
Note: encryption is not a concern now; I want to implement the basic workflow first.
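
One way the per-request token check asked about above can look, as an added example that is not part of the original post: the token is issued at login, stored server-side as a hash with an expiry, and every action file resolves the user from the token instead of trusting a posted username. The `access_tokens` and `friends` tables and the functions `issueToken`, `userForToken` and `getFriends` are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
// Added example: table and function names are assumptions, not from the post.
// SQLite in memory stands in for MySQL so the script is self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE access_tokens (token_hash TEXT PRIMARY KEY, username TEXT, expires_at INTEGER)');
$db->exec('CREATE TABLE friends (username TEXT, friend TEXT)');
$db->exec("INSERT INTO friends VALUES ('alice', 'bob'), ('alice', 'carol')"); // constructed data

// Called by the login action after the password check has succeeded.
function issueToken(PDO $db, string $username, int $ttl = 3600): string {
    $token = bin2hex(random_bytes(32));               // 256 bits from the CSPRNG
    $stmt = $db->prepare('INSERT INTO access_tokens VALUES (?, ?, ?)');
    // Only the hash is stored, so a leaked table does not yield usable tokens.
    $stmt->execute([hash('sha256', $token), $username, time() + $ttl]);
    return $token;                                    // raw value goes to the client only
}

// Called at the top of every action file. Returns the username, or null.
function userForToken(PDO $db, ?string $token): ?string {
    if ($token === null || $token === '') {
        return null;
    }
    $stmt = $db->prepare('SELECT username FROM access_tokens WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] : null;
}

// Body of GetFriends.php: the user is derived from the token, so a client
// cannot read another account's friends by posting a different username.
function getFriends(PDO $db, array $post): array {
    $raw = $post['accessToken'] ?? null;
    $user = userForToken($db, is_string($raw) ? $raw : null);
    if ($user === null) {
        return ['status' => 401, 'error' => 'invalid or expired token'];
    }
    $stmt = $db->prepare('SELECT friend FROM friends WHERE username = ?');
    $stmt->execute([$user]);
    return ['status' => 200, 'friends' => $stmt->fetchAll(PDO::FETCH_COLUMN)];
}

$token = issueToken($db, 'alice');                    // what login would return
echo json_encode(getFriends($db, ['accessToken' => $token])), "\n";
echo json_encode(getFriends($db, ['accessToken' => 'guess'])), "\n";
```

In a deployed action file `getFriends` would receive `$_POST` and the status would be sent with `http_response_code`.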