I have to implement token-based authentication.
Users have a username and a password. I use the SHA512 method to encrypt the password before inserting it into the database. For retrieving data from the server, making queries and other simple actions, I need to know who is asking for the data and whether this person is authenticated. I want to use a token. During registration the server creates a token for the user and saves it in the Person table in the database, with the username and encrypted password. Now, when a user wants to get some data from the server, he can use the token.
Is there a way in which the server can understand who the user is using the token, or do I need to pass the username too? How can I know when the token expires without adding a field in the Person table?
I'm not sure I have understood the proper use of a token, and I have no idea how to implement it. I use PHP for implementing communications between the server/database and an Android application.
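
One way to meet both requirements in the question above, shown as an added example that is not part of the original post: the server signs the username and an expiry time into the token with HMAC-SHA256, so it can identify the user and reject expired tokens without a username parameter or an extra column. The function names and `$SERVER_SECRET` are hypothetical, and the random key stands in for one loaded from server-side configuration.

```php
<?php
// Assumption: in production the key comes from server-side configuration.
// A random key is generated here only so the script runs on its own.
$SERVER_SECRET = random_bytes(32);

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt) {
    $pad = (4 - strlen($txt) % 4) % 4;   // restore the stripped padding
    return base64_decode(strtr($txt, '-_', '+/') . str_repeat('=', $pad), true);
}

// Token layout: base64url(JSON claims) . "." . base64url(HMAC of the first part)
function issue_token(string $username, int $ttl, string $key): string {
    $claims  = ['sub' => $username, 'exp' => time() + $ttl];
    $payload = b64url_encode(json_encode($claims));
    $sig     = b64url_encode(hash_hmac('sha256', $payload, $key, true));
    return $payload . '.' . $sig;
}

// Returns the username for a valid, unexpired token, otherwise null.
function verify_token(string $token, string $key): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $sig] = $parts;
    $expected = b64url_encode(hash_hmac('sha256', $payload, $key, true));
    if (!hash_equals($expected, $sig)) {   // constant-time comparison
        return null;
    }
    // Claims are parsed only after the signature has been verified.
    $claims = json_decode((string) b64url_decode($payload), true);
    if (!is_array($claims) || !isset($claims['sub'], $claims['exp'])
        || !is_string($claims['sub']) || !is_int($claims['exp'])) {
        return null;
    }
    return time() < $claims['exp'] ? $claims['sub'] : null;
}

// Constructed sample user and lifetimes.
$token = issue_token('alice', 3600, $SERVER_SECRET);
var_dump(verify_token($token, $SERVER_SECRET));                           // valid token
var_dump(verify_token($token . 'x', $SERVER_SECRET));                     // altered signature
var_dump(verify_token(issue_token('alice', -1, $SERVER_SECRET), $SERVER_SECRET)); // already expired
```

A stateless token like this cannot be revoked before it expires without some server-side record, so keep the lifetime short and send it only over HTTPS.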