I am working with an Android app that sends information to a PHP server.
The Android app should login first and if the login is successful start to send the data.
This is the php page (login):
$data = file_get_contents('php://input');
$json = json_decode($data);
$con = mysql_connect('localhost','root','1111');
mysql_select_db('root') or die(' ');
$sql = "SELECT name FROM chiled WHERE `im` LIKE $id ";
$query = mysql_query( $sql );
if the login is successful then you can start a php session that store the session and validation. Most websites works in this fasion (for example Stack Overflow).
A session in php by default is passed through cookie PHPSESSID. So, if the login is correct then you can return the cookie and locally (server side) associate the session with the user.
Also, PHP allow to create and manipulate a session cookie-less.
The only detail is that you must associate a session with the ip because security issues.
So, the cycle can be:
android --user/password--> login.php ---phpsessid--> android
android --phpsessid --> content_page.php ---information--->android
and if you are not logged (or the session has expired)
android --phpsessid --> content_page.php ---error page (you are not allowed)--->android