Session handling, do it yourself?

[Jarmo Doc <ja...@hotmail.com>]

I've been investigating session handling and have almost convinced myself 
that for my particular situation I should just do it myself.  Each of my WS 
clients juggle multiple end-user sessions so the simple, default cookie 
solution doesn't work on its own (because the cookie identifies the WS 
client session, not an end-user session).

I've looked into using SOAP headers but it just seems to be too complex -- 
I'd have to write server code, my clients would have to write code, plus 
we'd need special WSDD at both server (not too bad) and *all* clients (very 
undesirable).  Also, as far as I can tell, I couldn't use java2wsdl to 
generate the WSDL for session handling so it would have to be maintained 
manually.

So all of this is leading me to the conclusion that I should just do it 
myself: have my login() operation return a string containing a session ID 
and then specify that as the 1st parameter on all subsequent session-based 
operations.  It's trivial code to write and the auto-generated WSDL is 
correct (and describes session handling to clients in a quite obvious 
fashion).

Am I way off base here and missing something?  Thanks.

_________________________________________________________________
Don’t just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/