I have an application that is accessible from a browser to manage some items but there are calls that should be performed from fat client programs. There is authentication being done from browser forms and the session management is the default container cookie/url rewriting scheme. Obviously a client app will not know what to do with a cookie and it can't use url rewriting as the response is just an XML file that is a result of the initial request. Those initial actions must be authorized but I don't want to authenticate on every request. Having said that these are the basic two questions:
1. Is this a good idea to use servlets or should I do SOAP instead (this is without consideration for session management, just pure technological question for web based service called from an app)? 2. How would I manage sessions in when all calls would be programmatical HTTP requests? I thought of a scheme where an initial request from an application should go to AuthenticationServlet which would return a token that then would be included in every subsequent request for other functions. What do you think? Thanks, d. -- David Mossakowski [EMAIL PROTECTED] Instinet Corporation 212.310.7275 ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
