Concerning sessions

[Tom Ziemer <t....@dkfz-heidelberg.de>]

Hi everybody!

After browsing through the archive of this list and searching the web I 
am still no quite sure, which session approach to use for my services. 
What I need to do is quite simple - let a user authenticate, then only 
exchange a token/sessionid for all following calls. As far as I 
understand it, I have three alternatives:

Option a) Use a http session
Option b) Use SOAP headers
Option c) Reimplement basic session handling

Obviously c) is not the method of choice, so I am left to choose between 
a) and b). The most important issue for my web services is 
interoperability, since I am writing only the services but the clients 
will be implemented by another company and I have no idea what 
programming language/tools they are going to use.

Any input would be appreciated,

Tom