Hm, I've not tried any transport other than HTTP so I have no comments on
it, but does the HTTPSession still work with your own implementation of a
client (Java application instead of Servlet/JSP)? Or if the client is not a
Servlet or JSP e.g. a Perl client?
.sausheong
----- Original Message -----
From: "Christoph C . Cemper @ Cemper.com" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, September 05, 2001 3:23 AM
Subject: AW: How to Maintain sessions in SOAP
Hi Chiranjeevi,
Unfortunately you do not describe, which session-mechanism you use - I mean
the current one.
When talking about sessions - you mean an HTTP session - right?
I want to make that clear, because basically you can send SOAP-messages via
various transports, such a e-Mail, FTP, Message-Queuing-Systems (like IBM
MQseries etc).
Also there are protocols like the proposed BEEP or HTTPR in the experimental
state, which also
provide a "reliable messaging", meaning that you can distinguish the a
message from another duplication of a message and therefore -know- about the
state of a message.
HTTP Session-Tracking for SOAP - transparent to the messages sent - is
typically done like in other HTTP applications
- via session-cookies
- via URL-rewriting
Of cource you can also implement a "token-passing", like Chang Sau wrote.
But implementing
a "token", which means passing a session-id or context-id via a parameter is
always a
possibility.
The sexy thing on using a transport or a mechanism like session-cookies/urls
is, that it
should work for ALL calls, regardsless if they have their
"session-token"-parameter or not.
AFAIK the following implementations support Session-Cookies AND
Url-Rewriting
- Apache SOAP 2.2
- Apache AXIS
- Microsoft SOAP Toolkit beta2
- Microsoft.NET
- Idoox WASP
I am sure others like Graham's GLUE and others will also support that, but I
am not sure. Maybe some feedback from the others will clear that up.
That means, that if you can make sure, that the client supports either of
both (URL or cookie) then the session-tracking should work. That should be
done via a simple check after a "login"-transaction that creates the session
object. Each Web-Service having to hold the context of the session should
perform a check for it.
That is quite comparable to JSP-includes that perform a "Is there a valid
session or not" on every page...
The session-object itself can be retrieved and managed in the implementation
of your service on the server, but I guess you already know that..
Did that answer your question so far?
mfg / kind regards,
Christoph C. Cemper
email: mailto:[EMAIL PROTECTED]
www: http://Christoph.Cemper.com
-----Urspr�ngliche Nachricht-----
Von: Chiranjeevi Paruchur [mailto:[EMAIL PROTECTED]]
Gesendet: Dienstag, 04. September 2001 14:25
An: [EMAIL PROTECTED]
Betreff: How to Maintain sessions in SOAP
Hi!
Can anyone throw some light on how to maintain sessions when I am using
SOAP.
I know how to do it when I have a java client.
I would like to know how to do it in such a way that any type of client can
have sessions with my SOAP server.
Thanks in advance,
Chiran
