You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by "Thakur, Viraj" <VT...@Kronos.com> on 2006/03/28 17:29:36 UTC

Managing sessions - Soap Header and HTTP Session

Hello:

Has anyone encountered the problem of managing sessions using SOAP header and linking the session with HTTP Session? I am prototyping a set of services on top of an existing application architecture that uses HTTPSession for state management. In the web services that I am writing, we would like to maintain session using SOAP header rather than HTTP cookies. Therefore I need to link the session id in the SOAP header with the session id of the HttpSession. I have written a handler similar to SimpleSessionHandler. This new handler sets MessageContext session to use AxisHttpSession. However the linking of HttpSession with AxisHttpSession fails. The HttpSession is retrieved, like so:

HttpServletRequest request = (HttpServletRequest) context.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
HttpSession httpSession = request.getSession(true);

The getSession method on HttpServletRequest retrieves the session based on a cookie or URL but does not accept a "JSESSIONID" to retrieve the session with. Therefore the HttpSession is always different than the one we are looking for. Has anyone resolved this issue or found a way to get around it? Any help is much appreciated.

Rest of the code is something like this:

	AxisHttpSession session = null;
	if (header == null) {
	session = getNewSession(request,httpSession);
      id = session.getRep().getId();             
	}
	// This session is still active...
	(AxisHttpSession) session).touch();
	// Store it away in the MessageContext.
      context.setSession((AxisHttpSession)session);
      context.setProperty(SESSION_ID, id);
      context.setMaintainSession(true);


Many Thanks

-Viraj

Re: Managing sessions - Soap Header and HTTP Session

Posted by prashanth shivakumar <pr...@gmail.com>.

Dont know whether iam understanding your problem correctly..
JSESSIONID is nothing but a cookie used for session tracking by server..
I dont think you can ever retrieve a session based on JSESSIONID.
I do session handling as mentioned below.

================================================================
This is how i have done it.. Some of the people over in this forum suggested
the same..

Make your servlet webservice  endpoint interface implement
javax.xml.rpc.server.ServiceLifecycle interface
Than you need to define init() and destroy() methods.
Using ServletEndpointContext you can retrieve HTTPSession and thats what you
need to maintain state.
Implement your backend logic in stateless EJBs

given below is a small snippet from my servlet endpoint

Cheers

========================

javax.xml.rpc.server.ServletEndpointContext servletContext;

 /**
  *
  */

 public void init(Object context) {
   servletContext = (javax.xml.rpc.server.ServletEndpointContext) context;

 }

 /**
  *
  */
 public void destroy() {
  servletContext = null;
 }

====================================





On 3/28/06, Thakur, Viraj <VT...@kronos.com> wrote:
>
> Hello:
>
> Has anyone encountered the problem of managing sessions using SOAP header
> and linking the session with HTTP Session? I am prototyping a set of
> services on top of an existing application architecture that uses
> HTTPSession for state management. In the web services that I am writing, we
> would like to maintain session using SOAP header rather than HTTP cookies.
> Therefore I need to link the session id in the SOAP header with the session
> id of the HttpSession. I have written a handler similar to
> SimpleSessionHandler. This new handler sets MessageContext session to use
> AxisHttpSession. However the linking of HttpSession with AxisHttpSession
> fails. The HttpSession is retrieved, like so:
>
> HttpServletRequest request = (HttpServletRequest) context.getProperty(
> HTTPConstants.MC_HTTP_SERVLETREQUEST);
> HttpSession httpSession = request.getSession(true);
>
> The getSession method on HttpServletRequest retrieves the session based on
> a cookie or URL but does not accept a "JSESSIONID" to retrieve the session
> with. Therefore the HttpSession is always different than the one we are
> looking for. Has anyone resolved this issue or found a way to get around it?
> Any help is much appreciated.
>
> Rest of the code is something like this:
>
>        AxisHttpSession session = null;
>        if (header == null) {
>        session = getNewSession(request,httpSession);
>      id = session.getRep().getId();
>        }
>        // This session is still active...
>        (AxisHttpSession) session).touch();
>        // Store it away in the MessageContext.
>      context.setSession((AxisHttpSession)session);
>      context.setProperty (SESSION_ID, id);
>      context.setMaintainSession(true);
>
>
> Many Thanks
>
> -Viraj
>
>