With cookies, the
session id is sent between the client and the server in the HTTP headers,
meaning that it is bound to the transport protocol. Change the protocol (for
example, use JMS) and it does not work anymore.
If you look at the
SOAP specification (from w3c.org), a SOAP message is composed of a SOAP body
(the content of the message) but also of SOAP Headers which can be used for
session management (for example) in a transport independent way. In simple
term, what you put in the http header when using cookies, you now put it in
the SOAP header.
Yes, it means a
little more programming on your side as SOAP tools (client and server) do not
necessarily handle SOAP headers in a complete transparent manner but it might
be worth paying the cost if you are considering using other transport that
just HTTP.
Take a look at
org/apache/axis/handlers/SimpleSessionHandler.java which is a very good start
to do SOAP header based session handling (for simple session handling, it can
be used as is). The last time I played with that I had to slightly modify it
to wrap the sessionID into a complex type so a C# .NET client can handle it in
a complete transparent manner.
Thomas
-----Original
Message-----
From: Sateesh
Ayyagari [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 12, 2003 1:30
PM
To:
[EMAIL PROTECTED]
Subject: RE: Maintain Session with .NET
and AXIS
Hi Thomas,
I read the mailing list and found your
reply to "Stateful Web Services" stating that the SOAP header
solution to maintaining state would be the right approach rather than the
Cookie-based approach. I could maintain session and application scope
using the HTTP cookies set on the client side and session/application scope on
the server side. Could you kindly explain in detail the Header-based
approach?
Sateesh.
[EMAIL PROTECTED]
wrote:
If you
are using Axis for your web service, setting the scope to session will turn
cookie handling on from the server side point of view (Axis will use the
HTTPSession features of the servlet container). On the C# client side, you
have to create the cookie container for your service object to turn cookie
on as well, and that is it, no need for anything else.
If you
do a couple of searches in the mailing list archive you will find more
details on all that for sure.
Thomas
-----Original
Message-----
From: Sateesh
Ayyagari [mailto:[EMAIL PROTECTED]
Sent: Monday, February 10, 2003 1:57
PM
To:
[EMAIL PROTECTED]
Subject: Maintain Session with .NET and
AXIS
Hi,
I have a question regarding maintaining
session. How do we maintain session for a Java Web Service which is
consumed by a C# client? Any links would be
appreciated.
Sateesh.
Do you Yahoo!?
Yahoo!
Mail Plus - Powerful. Affordable. Sign up
now
Do you Yahoo!?
Yahoo! Web Hosting -
establish your business
online
