Hi, iam building a small webservice in axis2 (buttom up, i write the java classes and let eclipse wtp generate the service). I would like to use sessions so that a user can login with a username and pass if it exist in a database and than use the webservice but within the context of his session. I quite frankly don't know where to start. How do i create a session and than handle it afterwards?
A:
I'm not sure I understand you question fully. The servlet container (tomcat?) will take care of the session management, and it can also take care of the authentication.
Maurice Perry
2009-03-16 00:40:08
+1
A:
You may want to use handlers for authentication. Suggest you start here on that topic.
For session information, start here.
As @Maurice Perry said, I'm not sure your question makes sense...remember that web services are supposed to be stateless.
Michael Sharek
2009-03-16 13:45:43
+1
A:
Web services supposed to be stateless. So if you planned to use 'session' for authentication you could consider the following approach:
- Define authentication API that returns some key/token that server can identify user with in consecutive calls
- Client must call authentication API first
- Client must pass the authentication key with any consecutive call in form of API parameter or custom http header.
You could to take a look at eBay API, they use both http headers and method parameters.
You have to remember that if you planned to use session for holding the state, there is a bunch of issues you have to take care of in clustering environment since the same client can be served by different nodes.
Gennady Shumakher
2009-03-19 10:43:57