Re: cookie management between client and server

From: Bobby Bissett - Javasoft <>
Date: Mon, 05 Jan 2004 10:55:23 -0500

> a colleague of mine remembers that there was some sort of an SPI on the
> server side where we'd have to author a plugin to handle this, but we
> can't find any mention of this in the specification.

Hi Jeff,

You don't need a server side handler to set cookies -- once you get hold
of the javax.servlet.http.HttpSession object you can set it there.
Here's the way I have done it:

Make your service impl class implement
javax.xml.rpc.server.ServiceLifecycle in addition to your Remote
interface. This will make you add an init() and destroy() method.
Declare a field of type javax.xml.rpc.server.ServletEndpointContext and
in your init method do:

     public void init(Object context) throws ServiceException {
         servletEndpointContext = (ServletEndpointContext) context;

Then you can have a method like login or something that is the first
method the client calls, and it will set the cookie here. My example
passes in a username and password, but you can do it however you'd like:

     public boolean login() throws RemoteException {
         HttpSession httpSession =
         httpSession.setAttribute(username, password);

         // put your validation logic here
         Boolean isValidUser = Boolean.valueOf("true");

         httpSession.setAttribute("loginStatus", isValidUser);
         return true;

There may be better info for you in the javadocs for HttpSession, but
this is how you can get hold of it in your service. You can check for
the cookie and any other http info in the response either with your
filter or with a client side handler that simply gets the SOAPMessage
and examines the MimeHeaders. (or use a tcp tunnel kind of utility to
watch the http flow by...)


To unsubscribe, e-mail:
For additional commands, e-mail: