Hi All,
I have been talking to several people over the last few days about Transport independent session mgt and based on those discussions I have the following open ended Proposal in the form of questions/comments. Sanjiva, Srinath, Deepal and Ajith helped me a lot to gather information about the current Axis2 and session mgt wrt web-services.
Background
---------------------
1. The motivation of T'port independent Session mgt stems from the idea of Providing Axis2 with a proper Scalability and High availability model.
Having a clear definition of a session helps in providing scalability and High-availability by means of session state replication (in other words clustering)
2. The current Axis2 has no clear notion of a session. (Serveral ppl expressed this concern)
Currently two concepts exist.
a) HttpSession based on cookies, if the Transport is http (the most popular)
b) SOAP header for RM & Secure Conversations
Conerns/Challengers
--------------------------------
1. As I understand Using a SOAP header requires the client initiating it (so possible impact on client code ???)
2. cookie based session mgt is only limited to http
3. If we are to manage a session outside of transport how are we going to manage it?? where are we going to store it?? (raised by Deepal)
4. Is the session going to be outside of the Context Heirachy or within it??
Proposal
---------------
To identify a concept of Session Mgt that is transport independent. We need an abstraction for a SessionManager and a Session interface that will have a local and a distributable implementation.
The abstraction is nessacery and should be able to plug in any implementation without impacting the current (or future) Functionality of Axis2.
Comments/suggestions are welcomed to come of with a model that we all can agree with.
Regards,
Rajith
