February 24, 2009
Answered

WebServices and Sessions

Hi,

Is there a way to maintain a session on the server for the duration of a series of web service requests for an individual consumer?

What I want to happen is something like this:
1. The consumer to invoke the webservice with a username/password combination in the SOAP header.
2. The web service authenticates the user against the database and inserts a session id into the SOAP header.
3. The consumer makes another call to the webservice for some data and if the session id matches the session stored on the server, the web service will return the data for this and all subsequent requests that have the correct session id stored in the SOAP header.

Does anyone know if there is a way I can do this, or do I have to write the data to a database and check against that for each call?
Correct answer Newsgroup_User
The first links from Google when I searched for coldfusion web service
cookies.

http://tjordahl.blogspot.com/2006/06/how-to-set-cookies-in-coldfusion-soap.html
http://tjordahl.blogspot.com/2006/06/how-to-get-web-service-response.html

2 replies

mark_laAuthor
February 25, 2009
Hi Ian,

Thanks for those links - I had come across Tom's blogs, but didn't see those entries. I'll try and follow those guidelines.

Cheers,
Mark
February 24, 2009
mark_la wrote:
> Hi,
>
> Is there a way to maintain a session on the server for the duration of a
> series of web service requests for an individual consumer?
>

I don't know, but if one extracts how normal web browser requests maintain
sessions then maybe one can apply this to web service requests.

ColdFusion knows which requests belong to what sessions by the cfid and
cftoken values sent with every request; usually in cookies, but
alternately as get (aka URL) values. I would presume that if a web
service request could and would send these values with future requests,
then session state could be maintained. But I sure have never tried to
do this.
mark_laAuthor
February 25, 2009
Hi Ian,

Thanks for your reply. From what I understand, and this may be incorrect, there is no persistent session or cookies available for me to use. If I make consecutive requests the session.sessionid changes each time, as does the cfid/cftoken. I don't think url variables are any good either in this instance, as the request will be coming from a dotnet application and not via a browser.

My theoretical solution is this:
1. To authenticate against the username/password in the soap header,
2. Create a uuid; logging this uuid in the database and then adding that uuid to the SOAP header.
3. Compare the uuid in the SOAP header against the uuid in the database and ensure that the access is authorised and timely.

Does this make sense? Is this good practice?
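
The three steps proposed in the last post, as an added example that is not part of the original thread: Python with an in-memory SQLite table stands in for the ColdFusion service and its database, and the table name, function names and timeout values are assumptions. It stores only a SHA-256 hash of the UUID and goes beyond the post by splitting the "timely" check into an idle timeout and an absolute lifetime.

```python
import hashlib
import sqlite3
import time
import uuid

IDLE_TIMEOUT = 20 * 60        # assumed: seconds of inactivity before a token lapses
ABSOLUTE_LIFETIME = 8 * 3600  # assumed: hard cap on token age, however active

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ws_session (token_hash TEXT PRIMARY KEY,"
               " username TEXT NOT NULL, issued REAL NOT NULL, last_seen REAL NOT NULL)")
    return db

def token_digest(token):
    # Only the hash is stored, so a leaked table does not yield usable tokens,
    # and the lookup compares hashes rather than the raw secret.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def issue_token(db, username, now=None):
    """Step 2: call only after the username/password check has succeeded."""
    now = time.time() if now is None else now
    token = str(uuid.uuid4())  # uuid4 is generated from os.urandom
    db.execute("INSERT INTO ws_session VALUES (?, ?, ?, ?)",
               (token_digest(token), username, now, now))
    return token  # value the service places in the SOAP response header

def revoke_token(db, token):
    db.execute("DELETE FROM ws_session WHERE token_hash = ?", (token_digest(token),))

def check_token(db, token, now=None):
    """Step 3: return the username for a live token, otherwise None."""
    if not isinstance(token, str):  # header missing or malformed
        return None
    now = time.time() if now is None else now
    row = db.execute("SELECT issued, last_seen, username FROM ws_session"
                     " WHERE token_hash = ?", (token_digest(token),)).fetchone()
    if row is None:
        return None
    issued, last_seen, username = row
    if now - last_seen > IDLE_TIMEOUT or now - issued > ABSOLUTE_LIFETIME:
        revoke_token(db, token)  # expired tokens are removed, not just refused
        return None
    db.execute("UPDATE ws_session SET last_seen = ? WHERE token_hash = ?",
               (now, token_digest(token)))
    return username
```

Because the token travels in the SOAP header on every call, it is only as private as the transport, so the scheme assumes the service is reached over TLS.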