Abhinav - Do the two calls have different method signatures? If so, key off that detail in your customized session handler.
For example, if the first call must be to login() before update() should be called, have the handler fault if update() is called with no session present. Also, you could bind the session creation to the actual call to login(). There is another design principle to consider. You may desire to create a session only if the client was properly authenticated and authorized. The security handlers could set the isValidated flag in the message context that is picked up by the session handler. If no session is present, AND isValidated is true, create the session. If the session is NOT present, AND isValidated is not defined or false, then have the service fault. /Chris -----Original Message----- From: Abhinav Maheshwari [mailto:[EMAIL PROTECTED] Sent: Saturday, January 17, 2004 7:14 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Using handlers across different services Hi, I am trying to maintain session between two calls on an Axis service. It is required that the second call should throw an error if the user does not have a session, i.e. first call is not made. I tried to use the SimpleSessionHandler shipped with Axis by using the following xml in the deploy.wsdd file. <service name="MyService" provider="java:RPC"> <requestFlow> <handler type="session" /> </requestFlow> <responseFlow> <handler type="session" /> </responseFlow> ... </service> The problem with this approach is that the SimpleSessionHandler creates a new session if none exists and does not give an error. So I wrote another handler SessionValidationHandler derived from SimpleSessionHandler. This handler takes a parameter "validate" and if this parameter is set to true by using <handler name="sessionValidation" type="java:mypackage.SessionValidationHandler"> <parameter name="SessionHandler.validate" value="true" /> </handler> But I cannot set this handler for the entire service since the first call needs to create a new session if none exists. Is there a way in axis to deploy different handlers for different calls on the web service ? I did not know of any such way. So I created two services, one containing the first method and the another containing the second method. I used the SessionValidationHandler for the first service with no validation and SessionValidationHandler for the second service with validation set to true. This gives a problem because Axis creates two instances of the handlers and the validating instance of the handler does not contain the sessions set by the non-validating instance. So I used a static hashtable to store the activeSessions. This does the job but does not seem like a good solution. Is there a better way to do it ? If anyone has encountered the need for using validation for sessions, I can also post the code. Thanks and regards, Abhinav
