Dear Wiki user, You have subscribed to a wiki page or wiki category on "Ws Wiki" for change notification.
The following page has been changed by CyrilleLeClerc: http://wiki.apache.org/ws/FrontPage/Axis/SessionSupport The comment on the change is: Add Question "Is it standard to maintain a SOAP session with HTTP Cookies ?" ------------------------------------------------------------------------------ '''Q: What else can I do with sessions?''' A: Any time after the session context has been established, calling getSession() on the current messageContext will obtain you a reference to a Session object. You may use this object like a Hashtable to store arbitrary data associated with this Session. For instance, on one request you might extract the caller's name and address from a database (an expensive operation), and then cache them in the Session object for fast access on subsequent invocations from the same caller. This functionality can be used either by custom Handlers or by your backend service object itself. + + + '''Q: Is it standard to maintain a SOAP session with HTTP Cookies ?''' + + As SOAP is transport agnostic, using HTTP cookies to maintain a session is not part of the standard. However, HTTP Cookies is the most widely used method to maintain session during SOAP calls and it has been integrated in the [http://www.ws-i.org/Profiles/BasicProfile-1.0-2004-04-16.html WS-I Basic Profile 1.0 Specification]. This reduces the interoperability problems. + + Most of the SOAP implementations (Apache Axis, IBM Websphere, .Net, ...) support it. + + To conclude, it is not exactly a standard but it is a de facto standard. + + Extract from [http://www.ws-i.org/Profiles/BasicProfile-1.0-2004-04-16.html#refinement16489648 WS-I Basic Profile 1.0 Specification] : + ''4.3.10 HTTP Cookies'' + + ''The HTTP State Management Mechanism ("Cookies") allows the creation of stateful sessions between Web browsers and servers. Being designed for hypertext browsing, Cookies do not have well-defined semantics for Web services, and, because they are external to the SOAP Envelope, are not accommodated by either SOAP 1.1 or WSDL 1.1. However, there are situations where it may be necessary to use Cookies; e.g., for load balancing between servers, or for integration with legacy systems that use Cookies. For these reasons, the Profile limits the ways in which Cookies can be used, without completely disallowing them.'' + + ''R1120 An INSTANCE MAY use the HTTP state mechanism ("Cookies").'' + + ''R1122 An INSTANCE using Cookies SHOULD conform to RFC2965.'' + + ''R1121 An INSTANCE SHOULD NOT require consumer support for Cookies in order to function correctly.'' + + ''R1123 The value of the cookie MUST be considered to be opaque by the CONSUMER.'' + + ''The Profile recommends that cookies not be required by instances for proper operation; they should be a hint, to be used for optimization, without materially affecting the execution of the Web service. However, they may be required in legacy integration and other exceptional use cases, so requiring them does not make an instance non-conformant. While Cookies thus may have meaning to the instance, they should not be used as an out-of-bound data channel between the instance and the consumer. Therefore, interpretation of Cookies is not allowed at all by the consumer - it is required to treat them as opaque (i.e., have no meaning to the consumer).'' '''Sample of client side sessions'''
