How does the handler detect the incoming request belongs to some existing 
sessions ?? (is it assessible via MessageContext ?)  And then throw a SOAP 
Fault if not.

Rgds, Ricky

At 10:29 AM 9/30/2002 +0200, Matthias Brunner wrote:
>On Monday 30 September 2002 10:23, Jan-Olav Eide wrote:
> > > When using HTTP cookies for session management the MS SOAP
> > > library 3.0 supports this automatically. As for .net clients I
> > > do not know but I think they will do the same.
> >
> > So what is the best way to gracefully detect and reject requests
> > from (MS SOAP or Java) clients that are not session-enabled, given
> > that my service requires that they should be ?
>
>IMHO, there is no standard way to detect this.
>One possibility could be to require them to make two calls at the
>start of a session. Clients not session-enabled will fail to make
>the second call within the same session and will start a new session
>with the second call, which can be detected. Thus a soap fault can
>be returned.
>--
>Matthias Brunner <[EMAIL PROTECTED]>
>PGP FP 7862 32B3 3B75 292A F76F  5042 8587 21AB 5B89 D501
>Check out http://blumenstrasse.vol.at/~mb/gpgkey.asc

Reply via email to