At least three options I know of: 1) 1.3 - SimpleSessionHandler 2) axis2 - serviceGroupContext. 3) Roll your own.
#3 is what I've done on several occasions. If using EJB, you can use getHandle() on EJBObject. The advantage here is you let the server time out the session. Lately I've been inclined to just use java.util.UUID and cache it(Singlenton, EHCache, Jtree etc), then returning it as a String from the login. Just have the client pass it back in on subsequent requests. From there, doing the timeout is just simple Java. HTH, iksrazal http://www.braziloutsource.com/ Em Segunda 23 Janeiro 2006 07:18, o Otto, Frank escreveu: > Hi, > > I want to use axis to implement a webservice. > > Now, I need an authentication mechanism to secure the webservice. I want to > use login method with login/password. After successful login, I will > generate a token, which the user have to put as parameter with other > webservice methods. The token must have an expire time. > > Has someone do this? Can someone give me hints? > > > kind regards, > > Frank --
