RE: Sessions in jax-rpc

From: Sharib Anis <>
Date: Fri, 10 Dec 2004 16:50:18 +0800


Thanks a lot for your response. However, I did manage to get the
HttpSessionListener working, and that has taken a lot of needless grunge
work out of my code.

But yeah, I still need to think about multiple servers. And synching memory
sessions with the persistence ones.

Thanks and Regards,
Sharib Anis

-----Original Message-----
From: Kevin Jones []
Sent: 10 December 2004 15:29
Subject: RE: Sessions in jax-rpc

Welcome to the world of HTTP!

You need to manage times and/or persistent sessions (if you're doing this
yourself). For timeouts: at the server you need to have a timer per client
that is reset each time the client uses the web service, you can then have a
timeout (that should be configurable in the web.xml file) such that when the
timeout expires the session is discarded, if the client re-uses the 'cookie'
after the session expires at he server then a new session will need to be
created. If you want a scalable service then you also need to think about
how session state can be shared across multiple servers.

For persistent sessions you need to store both the server session state
(probably in a database) and the client 'cookie' (probably in a file). You
may still want the client cookie to be expirable (this data needs to be
transmitted in the cookie).

I've probably missed something but this is the basic idea,

Kevin Jones
skype ( kevinrjones

> -----Original Message-----
> From: Sharib Anis []
> Sent: 10 December 2004 01:13
> To:
> Subject: Sessions in jax-rpc
> Hello All,
> I have developed a web service based on jax-rpc. It works
> fine, but now there are some requirements to manage the user
> sessions properly.
> I already had a simple session management, where each user
> has to login and logout and I maintain a persistent record of
> the connection. As we know, users are not always so smart (to
> logout)! Also, if the client-server connection fails for some
> reason, the user's record remains as logged in.
> So basically, I want to know if it's possible to manage
> sessions inside a web service. I know I can get the HTTP
> session from the ServletEndpointContext. But how do I manage
> the session invalidation? I tried using the
> HttpSessionListener, but it doesn't seem to catch any session events.
> I'm using JWSDP1.3. Any help will be really appreciated.
> Thanks and Regards,
> Sharib Anis
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail: