Problem w/ AXIS Client caching Session Key

[Ken Paulsen <kp...@iplanet.com>]

I am working on a web-based product that utilizes JAX-RPC to make calls to web
services.  I would like to ensure that Axis will work with our product,
however, I have run into a problem with the Axis implementation.

When making a stateful client call using Axis as the client, Axis stores the
session key (cookie) returned by the server as an instance variable on the
transport object used.  The transport object is cached per VM using the target
endpoint address as the key.

In a web environment, the VM is likely shared w/ multiple users, meaning they
share the same Session key stored in the transport object for a given
endpoint.  This is my first problem.  The second problem (which is a
derivative of the first), is that there is no apparent way to store/restore
session keys per user.  In fact session management is completely hidden from
the developer.

Would it be reasonable to make the following changes:

  1)  Make the storage of "cookies" (session keys) non-static (i.e. don't have
a static Hashtable in client.Call.java).
  2)  Store this information in a Serializable object such as "client.Service"
so that it can later be restored?  (or better yet, get JAX-RPC to expose
session keys and provide standard ways of managing them)

Ken Paulsen
ken.paulsen@sun.com
408-404-8695