Sure, I'm basing this on my investigation of SimpleSessionHandler. I'm
under the impression that if I want to use SOAP headers for session
management then an Axis client would need a WSDD file so that the Axis
client infrastructure can manage the headers, presumably through a handler.
I'm assuming that this is only relevant to Axis clients and other client
types would have to find their own solution, perhaps querying the SOAP
headers explicitly.
That aside, I'm coming around to the opinion that I should just specify HTTP
cookies for session management and leave it up to my clients to create a new
client context for each session (in order that subsequent logins appear to
come from new clients). So my WS client would actually juggle multiple
session cookies, one per end-user context.
From: "Austin Mills" <[EMAIL PROTECTED]>
Reply-To: axis-user@ws.apache.org
To: <axis-user@ws.apache.org>
Subject: RE: Session handling, do it yourself?
Date: Wed, 21 Sep 2005 14:43:14 -0500
Jarmo, I didn't follow your comment about needing a special WSDD at all
clients - can you explain that?
--Austin
-----Original Message-----
From: Jarmo Doc [mailto:[EMAIL PROTECTED]
Sent: den 20 september 2005 00:26
To: axis-user@ws.apache.org
Subject: Session handling, do it yourself?
I've been investigating session handling and have almost convinced
myself that for my particular situation I should just do it myself.
Each of my WS clients juggle multiple end-user sessions so the simple,
default cookie solution doesn't work on its own (because the cookie
identifies the WS
client session, not an end-user session).
I've looked into using SOAP headers but it just seems to be too complex
-- I'd have to write server code, my clients would have to write code,
plus we'd need special WSDD at both server (not too bad) and *all*
clients (very undesirable). Also, as far as I can tell, I couldn't use
java2wsdl to generate the WSDL for session handling so it would have to
be maintained manually.
So all of this is leading me to the conclusion that I should just do it
myself: have my login() operation return a string containing a session
ID and then specify that as the 1st parameter on all subsequent
session-based operations. It's trivial code to write and the
auto-generated WSDL is correct (and describes session handling to
clients in a quite obvious fashion).
Am I way off base here and missing something? Thanks.
_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
