i think, anyway, that a session maintenance isn't correct in statless web
applications.
federico
"Naresh
Agarwal" Per: <[EMAIL PROTECTED]>
<naresh_ka@ya Cc:
hoo.com> Oggetto: Re: sessions
10/10/2001
10:18 AM
Per favore,
rispondere a
soap-user
Hi Roger
You are right that Soap Specs don't say anything about session
maintenance..and implementations of Soap could be made authentication
enable
passing info. in the Soap Headers.
MS-Soap supports this through IHeaderHandler interface.
But Apache Soap uses HTTP session maintenace mechanism to support it. There
a example "addressbook2" in the samples directory of Apache Soap
distribution.
Currently MS-Soap and Apache Soap are not interoperable as far as Session
Maintenance is concerned this is because unlike Apache Soap, MS-Soap does
not allow to set cookies in the HTTP header.
But AXIS (Apache Soap 3.0) might support the session maintenace in the way
MS-Soap does, to make session maintenance interoperable between the two
Soap
implementations. You can read more on this on Axis-developers mailing list
archives.
Regards,
Naresh Agarwal
----- Original Message -----
From: "Roger L. Costello" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 09, 2001 6:03 PM
Subject: Re: sessions
> > Naresh Agarwal wrote:
> >
> > Apache Soap supports session maintenace. It uses
> > underlying HTTP mechanism (cookie based) for session
> > maintenace.
> >
> > You can find more details on it at the following link.
> >
> > http://xml.apache.org/soap/docs/guide/migration.html
>
> I took a look at this document. It seems to be addressing the issue of
> creating a persistent network connection between between a SOAP client
> and server. I do not believe that that is the type of session which
> Oleg is interested in. I believe that Oleg is interested in an HTTP
> session (i.e., a virtual session). That is, he is interested in
> establishing a pesistent "virtual connection" between the SOAP client
> and the server, as is commonly used by web sites that implement the
> shopping cart paradigm.
>
> Many web sites today implement HTTP sessions using cookies. The server
> sends to the client a cookie (containing typically a session ID), which
> the client's browser stores. Each time the client hits that web site
> the browser automatically sends along the cookie to the server.
>
> Naresh, I must admit to being confused by your statement "It uses the
> underlying HTTP mechanism (cookie based) for session maintenance".
> First, the document you reference seems to be merely addressing how to
> set the HTTP header to Connection: Keep-Alive. Second, I see nothing in
> Apache SOAP which allows a server method to set cookies. Third, I see
> nothing in the Apache SOAP spec for storing cookies on the client side.
>
> The SOAP spec seems to suggest that things such as sessions,
> authentication, etc can be enabled by placing elements in the SOAP
> header section. This raises several questions in my mind:
>
> 1. Has anyone used the header section? Can you show an example?
>
> 2. Since the SOAP spec doesn't define anything in the SOAP header
> section then each SOAP implementation is left to define their own way of
> implementing sessions, authentication, etc. Right? Consequently,
> Apache SOAP will not work with MS SOAP, etc. Right?
>
> /Roger
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
