Thanks for your input. How are you passing the session id from the client? Is it defined in the wsdl, or are you using Out of Band headers?
On Tue, Nov 17, 2009 at 8:47 PM, vickatvuuch <[email protected]> wrote: > > I put together my own session store bean which is shared by all Impl beans. > Later you could use Hibernate cache to replicate it cross hosts.. > The Auth.login does auth and generates sessions, then client sends > this sessionid in the SOAP header or on the REST request. > You put together a In interceptor to validate session key and either > let request in or bounce it. Of course the key has to be long > 256bit long > secure random seeded, expiring, etc. > May be there is a better way, will watch what others say.. > > > olarte.andres wrote: > > > > Hi, > > > > What's the best way to implement stateful web services? I was thinking > of > > including a session id with every call, but was wondering if there's a > > better way. > > > > Thanks, > > > > Andres > > > > > > -- > View this message in context: > http://old.nabble.com/Stateful-webservices-tp26400779p26401116.html > Sent from the cxf-user mailing list archive at Nabble.com. > >
