How does the handler detect the incoming request belongs to some existing sessions ?? (is it assessible via MessageContext ?) And then throw a SOAP Fault if not.
Rgds, Ricky At 10:29 AM 9/30/2002 +0200, Matthias Brunner wrote: >On Monday 30 September 2002 10:23, Jan-Olav Eide wrote: > > > When using HTTP cookies for session management the MS SOAP > > > library 3.0 supports this automatically. As for .net clients I > > > do not know but I think they will do the same. > > > > So what is the best way to gracefully detect and reject requests > > from (MS SOAP or Java) clients that are not session-enabled, given > > that my service requires that they should be ? > >IMHO, there is no standard way to detect this. >One possibility could be to require them to make two calls at the >start of a session. Clients not session-enabled will fail to make >the second call within the same session and will start a new session >with the second call, which can be detected. Thus a soap fault can >be returned. >-- >Matthias Brunner <[EMAIL PROTECTED]> >PGP FP 7862 32B3 3B75 292A F76F 5042 8587 21AB 5B89 D501 >Check out http://blumenstrasse.vol.at/~mb/gpgkey.asc