I'm developing an iphone app and I need to implement a 'safe' login system.
When the users writes his credentials, using a httprequest, phpmysql responds if authentification is correct or not.
But.. Do I have to send the credentials for every request after the login? For example: When I'm logged in, if I wanna get my profile info, should I send my credentials again?
I thought to implement a 'token' system, when an user logs in the server responds with a 'token' wich could be used for every request but... What if someone 'intercepts' this token? He could make petitions using this token like if he was the other user..
Hope I could explain what I'm trying to do (not using ssl)
Thanks!