Transport Session Management with Axis2

Deepal Jayasinghe explains..
Date: Sun, 6th Apr, 2008
Level: Introductory
Reads: 5412 Comments: 0 | Login or register to post comments
Deepal Jayasingha

WSO2 Inc.

As we are aware, Web services are designed to be stateless. However, based on my past experiences, I'd say that it would be quite difficult to develop any system average compleity without session support.

Think about an on-line shopping application. A user would logs in to the system, browses through the site and may decide to buy some or log out. This is the standard sequence of activities an average user follows. Here, we have two approaches in identifying the user. One, is for the user to send all his data for every single request. Two, for the server to keep track of the users. In either case, there are sessions associated. 

However, with Web services, there is no specification (within the Web services stacks) that's implemented to support sessions. In other words, we cannot talk about a SOAP level session, like we do about SOAP level reliability or security. The only place we can discuss on session support is at transport levels. HTTP cookie is a way of managing sessions.

If you set the following option on Axis2 client side, then Axis2 will copy the cookie from a request and send that in the response. However, by default, it only copies JSESSIONID. If the application server or the SOAP stack sends some other session key, then we will need to perform an additional step.

 

Options.setManageSession(true);

 

If you receive the following response, then Axis2 will automatically copy the cookie and send that in the next request.

 

HTTP/1.1 200 OK

Server: Apache-Coyote/1.1

Set-Cookie: JSESSIONID=BF6F055BF6F3C99B544BFA3C09ED4185; Path=/axis2

Content-Type: application/xml;charset=UTF-8

Transfer-Encoding: chunked

Date: Sun, 06 Apr 2008 03:40:28 GMT

 

 

If the cookie key is anything other than 'JSESSIONID, then we need to set an additional property to copy that. For example, say we get a response such as the described below:

 

HTTP/1.1 200 OK

Server: Foo Server/1.1

Set-Cookie: SESSION_ID=BF6F055BF6F3C99B544BFA3C09ED4185;

Content-Type: application/xml;charset=UTF-8

Transfer-Encoding: chunked

Date: Sun, 06 Apr 2008 03:40:28 GMT

 

Then we need to add the following property to the option object.

Options.setProperty(“customCookieID”, “SESSION_ID”);