Re: Keeping the session at SOAP ?!

From: Lars Oppermann <>
Date: Mon, 11 Mar 2002 11:59:23 +0100

Hi Armond,

Armond Avanes wrote:

> I want to know if there is any good and practical
> pattern to keep the session at SOAP calls, other than
> passing a session token everytime as a parameter of
> methods ?!

we are currently using header elements to identify sessions in Sun Webtop. There is currently no standard that defines how these headers should look like, and as Anne pointed out, there is work underway to get this defined.

Most current SOAP implementation offer you the possibility to access the
servlet/http session object and most client implementations handle
sessions as well in some way. However, I would strongly discourage the
use of the http session to maintain state associated with SOAP services
since this would make your whole implementation HTTP dependant, limit
interopeability with various client implementations and intermix
inforamtion from otherwise unrelated system layers.
As for the pattern "using method parameters to handle state" it would be
possible to use a facade pattern, where your service handles the
parameter, binds itself to the right context and then delegates the
request to the apropirate service existing in the right context.


Lars Oppermann <>               Sun Microsystems
Software Engineer - Sun ONE Webtop                       Sachsenfeld 4
Phone: +49 40 23646 959                                D-20097 Hamburg
Fax:   +49 40 23646 550