Yes Roger, you are correct, my question was regarding virtual session. However, opening a persistent connection between client and server is of great interest as well. Especially, implementing it with login type authentication where server will allow to establish a connection only if user/password match server records. Have anyone ever done it or can show me how to do it?
I searched for this information and even though I found quiet a few tutorials for basic services, I have not found much on topic of sessions and security. I understand that as Apache SOAP matures, there will be more documentation, but for now people who ventured into that area on their own and succeeded would be of great help, anyone ? :) Thank you. Oleg -----Original Message----- From: Roger L. Costello [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 09, 2001 5:34 AM To: [EMAIL PROTECTED] Subject: Re: sessions > Naresh Agarwal wrote: > > Apache Soap supports session maintenace. It uses > underlying HTTP mechanism (cookie based) for session > maintenace. > > You can find more details on it at the following link. > > http://xml.apache.org/soap/docs/guide/migration.html I took a look at this document. It seems to be addressing the issue of creating a persistent network connection between between a SOAP client and server. I do not believe that that is the type of session which Oleg is interested in. I believe that Oleg is interested in an HTTP session (i.e., a virtual session). That is, he is interested in establishing a pesistent "virtual connection" between the SOAP client and the server, as is commonly used by web sites that implement the shopping cart paradigm. Many web sites today implement HTTP sessions using cookies. The server sends to the client a cookie (containing typically a session ID), which the client's browser stores. Each time the client hits that web site the browser automatically sends along the cookie to the server. Naresh, I must admit to being confused by your statement "It uses the underlying HTTP mechanism (cookie based) for session maintenance". First, the document you reference seems to be merely addressing how to set the HTTP header to Connection: Keep-Alive. Second, I see nothing in Apache SOAP which allows a server method to set cookies. Third, I see nothing in the Apache SOAP spec for storing cookies on the client side. The SOAP spec seems to suggest that things such as sessions, authentication, etc can be enabled by placing elements in the SOAP header section. This raises several questions in my mind: 1. Has anyone used the header section? Can you show an example? 2. Since the SOAP spec doesn't define anything in the SOAP header section then each SOAP implementation is left to define their own way of implementing sessions, authentication, etc. Right? Consequently, Apache SOAP will not work with MS SOAP, etc. Right? /Roger
