Hi Roger

You are right that Soap Specs don't say anything about session maintenance, and implementations of Soap could be made authentication enabled by passing info in the Soap Headers.
MS-Soap supports this through IHeaderHandler interface. But Apache Soap uses HTTP session maintenance mechanism to support it. There is an example "addressbook2" in the samples directory of Apache Soap distribution. Currently MS-Soap and Apache Soap are not interoperable as far as Session Maintenance is concerned; this is because unlike Apache Soap, MS-Soap does not allow setting cookies in the HTTP header. But AXIS (Apache Soap 3.0) might support the session maintenance in the way MS-Soap does, to make session maintenance interoperable between the two Soap implementations. You can read more on this on Axis-developers mailing list archives.

Regards,
Naresh Agarwal

----- Original Message -----
From: "Roger L. Costello" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 09, 2001 6:03 PM
Subject: Re: sessions

>
> Naresh Agarwal wrote:
> >
> > Apache Soap supports session maintenance. It uses
> > underlying HTTP mechanism (cookie based) for session
> > maintenance.
> >
> > You can find more details on it at the following link.
> >
> > http://xml.apache.org/soap/docs/guide/migration.html
>
> I took a look at this document. It seems to be addressing the issue of
> creating a persistent network connection between a SOAP client
> and server. I do not believe that that is the type of session which
> Oleg is interested in. I believe that Oleg is interested in an HTTP
> session (i.e., a virtual session). That is, he is interested in
> establishing a persistent "virtual connection" between the SOAP client
> and the server, as is commonly used by web sites that implement the
> shopping cart paradigm.
>
> Many web sites today implement HTTP sessions using cookies. The server
> sends to the client a cookie (containing typically a session ID), which
> the client's browser stores. Each time the client hits that web site
> the browser automatically sends along the cookie to the server.
>
> Naresh, I must admit to being confused by your statement "It uses the
> underlying HTTP mechanism (cookie based) for session maintenance".
> First, the document you reference seems to be merely addressing how to
> set the HTTP header to Connection: Keep-Alive. Second, I see nothing in
> Apache SOAP which allows a server method to set cookies. Third, I see
> nothing in the Apache SOAP spec for storing cookies on the client side.
>
> The SOAP spec seems to suggest that things such as sessions,
> authentication, etc can be enabled by placing elements in the SOAP
> header section. This raises several questions in my mind:
>
> 1. Has anyone used the header section? Can you show an example?
>
> 2. Since the SOAP spec doesn't define anything in the SOAP header
> section then each SOAP implementation is left to define their own way of
> implementing sessions, authentication, etc. Right? Consequently,
> Apache SOAP will not work with MS SOAP, etc. Right?
>
> /Roger
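
The two session transports discussed in this thread, side by side, as an added example that is not part of the original messages and is not code from Apache SOAP or MS-SOAP: the same session ID carried either in an HTTP `Cookie` header or in a SOAP header entry, with a server-side check that rejects a request whose two IDs disagree. The `urn:example:*` namespaces, the `SessionId` element and all function names are hypothetical (the SOAP spec defines no session header), and `JSESSIONID` is assumed as the cookie name because it is the servlet-container default.

```python
import xml.etree.ElementTree as ET
from http.cookies import SimpleCookie

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
SESS_NS = "urn:example:session"  # hypothetical: each implementation picks its own


def build_envelope(session_id, method="getAddress"):
    """Client side: carry the session ID as a SOAP header entry."""
    ET.register_namespace("SOAP-ENV", SOAP_ENV)
    env = ET.Element(f"{{{SOAP_ENV}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_ENV}}}Header")
    sess = ET.SubElement(header, f"{{{SESS_NS}}}SessionId")
    # mustUnderstand="1": a receiver that does not know this entry must fault
    # instead of silently processing the call without a session.
    sess.set(f"{{{SOAP_ENV}}}mustUnderstand", "1")
    sess.text = session_id
    body = ET.SubElement(env, f"{{{SOAP_ENV}}}Body")
    ET.SubElement(body, f"{{urn:example:addressbook}}{method}")  # hypothetical call
    return ET.tostring(env)


def session_from_soap_header(envelope):
    """Server side, message level: read the ID from the envelope itself."""
    # Constructed input only; parse untrusted XML with a hardened parser.
    root = ET.fromstring(envelope)
    node = root.find(f"{{{SOAP_ENV}}}Header/{{{SESS_NS}}}SessionId")
    return node.text if node is not None and node.text else None


def session_from_cookie(http_headers, name="JSESSIONID"):
    """Server side, transport level: read the ID from the HTTP Cookie header."""
    cookie = SimpleCookie(http_headers.get("Cookie", ""))
    return cookie[name].value if name in cookie else None


def resolve_session(http_headers, envelope, store):
    """Accept either transport, but refuse a request whose two IDs conflict."""
    ids = {session_from_cookie(http_headers),
           session_from_soap_header(envelope)} - {None}
    if len(ids) != 1:
        return None  # no session presented, or cookie and header disagree
    return store.get(ids.pop())  # unknown IDs resolve to None as well
```

A client that only speaks one of the two transports presents no ID to a server that only reads the other, which is the interoperability gap the thread describes.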