We are also doing similar thing. But, we are sending session related
information in Cookies (REST calls). We use SessionGuid (oracle) for in
stead of using predictable oracle sequence ids. Id > 256bit long secure
random seeded is also good idea.
Some sample REST interfaces we are using
@Path("/issession")
@GET
public com.xxx.webservices.common.UserResponse isSessionValid();
@Path("/createsession")
@POST
public com.xxx.webservices.common.UserResponse createSession() ;
@Path("removesession")
@DELETE
public com.xxx.webservices.common.UserResponse
invalidateSession();
Regards
Karuna Pydipati
StubHub/eBay - Platform & Services
Phone: (415)222-8752
Email: [email protected]
-----Original Message-----
From: Andres Olarte [mailto:[email protected]]
Sent: Tuesday, November 17, 2009 7:24 PM
To: [email protected]
Subject: Re: Stateful webservices
Thanks for your input. How are you passing the session id from the
client?
Is it defined in the wsdl, or are you using Out of Band headers?
On Tue, Nov 17, 2009 at 8:47 PM, vickatvuuch <[email protected]>
wrote:
>
> I put together my own session store bean which is shared by all Impl
beans.
> Later you could use Hibernate cache to replicate it cross hosts..
> The Auth.login does auth and generates sessions, then client sends
> this sessionid in the SOAP header or on the REST request.
> You put together a In interceptor to validate session key and either
> let request in or bounce it. Of course the key has to be long > 256bit
> long secure random seeded, expiring, etc.
> May be there is a better way, will watch what others say..
>
>
> olarte.andres wrote:
> >
> > Hi,
> >
> > What's the best way to implement stateful web services? I was
> > thinking
> of
> > including a session id with every call, but was wondering if there's
> > a better way.
> >
> > Thanks,
> >
> > Andres
> >
> >
>
> --
> View this message in context:
> http://old.nabble.com/Stateful-webservices-tp26400779p26401116.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
>
