Axis is able to use the servlet container's session tracking mechanism, so it should return a cookie to the client. Can you run an http sniffer and see if the cookie is being returned to your client? Is the client sending the cookie in the http request that it sends?
I am new to axis, (as you can tell from my bone-head responses), but if the authentication is handled outside the realm of the xml documents that are in the transport, and are handled via the cookies in the http response/request, than the previous point would be a good place to start looking.
At 02:27 PM 3/26/2003 +1200, you wrote:
I've been having problems getting authentication to work from non-Java clients (e.g. VB6, etc). I was wondering whether it would be so silly to ignore the normal authentication mechanism and simply included a UserName and Password set of parameters in each and every webservice method that is exposed. This would provide for any easy no-nonsense authentication mechanism that will work for any client.
Any thoughts appreciated...
Thanks Xander
