axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Grant Echols \(JanusLogix\)" <gech...@januslogix.com>
Subject Re: MessageContext.setMaintainSession
Date Mon, 30 Sep 2002 16:44:56 GMT
Just an idea, but if the handler set a property in the session (e.g.
session.set(String name, Object value)) then it could check for the
existence of this property and act accordingly. I'm doing something like
this with a 'login' service right now.

Grant

----- Original Message -----
From: "Ricky Ho" <riho@cisco.com>
To: <axis-user@xml.apache.org>
Sent: Monday, September 30, 2002 10:34 AM
Subject: Re: MessageContext.setMaintainSession


> How does the handler detect the incoming request belongs to some existing
> sessions ?? (is it assessible via MessageContext ?)  And then throw a SOAP
> Fault if not.
>
> Rgds, Ricky
>
> At 10:29 AM 9/30/2002 +0200, Matthias Brunner wrote:
> >On Monday 30 September 2002 10:23, Jan-Olav Eide wrote:
> > > > When using HTTP cookies for session management the MS SOAP
> > > > library 3.0 supports this automatically. As for .net clients I
> > > > do not know but I think they will do the same.
> > >
> > > So what is the best way to gracefully detect and reject requests
> > > from (MS SOAP or Java) clients that are not session-enabled, given
> > > that my service requires that they should be ?
> >
> >IMHO, there is no standard way to detect this.
> >One possibility could be to require them to make two calls at the
> >start of a session. Clients not session-enabled will fail to make
> >the second call within the same session and will start a new session
> >with the second call, which can be detected. Thus a soap fault can
> >be returned.
> >--
> >Matthias Brunner <mb@blumenstrasse.vol.at>
> >PGP FP 7862 32B3 3B75 292A F76F  5042 8587 21AB 5B89 D501
> >Check out http://blumenstrasse.vol.at/~mb/gpgkey.asc
>
>


Mime
View raw message