ios - Is it necessary to develop an iPhone Native App with session token controlling at server-side? -

hello, everybody.

i developing iphone native app(including webview in it) communicate server-side webservice.
system has user management module user login/out, chanage theirs own information.

come usual cases such web site, there must token or else security consideration.
iphone native app? because webservice access app think secure enough, necessary implement @ session token way?

thanks, best regards.

how going identification/authentication without token?

i believe when enter user/password authentication pair + device_id sent (using ssl) server, in case of successful authentication server returns session token (session unlimited time, you) device_id. login , token saved somewhere in program (e.g. in defaults key/value storage). password should never saved anywhere in program.

when user launches app, app sends login, token , device_id server, server checks , ok+session_key or nok. in case of nok delete login , token app's storage , display login form again. if response ok - send http requests + session key , server replies you. that...

ps: believe should that, don't have experience in web.