I totally disagree with Kyle that the idea of passing session information in webservices somehow violates design ideas or negates the benefits of Web Services. Web Services is ultimately a mechanism for software component interaction. Theres no reason against or shortfall that you will encounter with using session information in Web Services.
The best way to pass session information is to include a session id in the SOAP Header. In AXIS, heres how you can do this:
class SOAPInvocationHandler implements InvocationHandler
{
String endpoint;
Service service;
Call call;
public SOAPInvocationHandler(String _endpoint)
{
endpoint = _endpoint;
service = new Service();
try
{
call = (Call)service.createCall();
// SET YOUR HEADER HERE.
call.addHeader(instanceOfSOAPHeaderElement);
}
catch(ServiceException se)
{
se.printStackTrace();
}
}
// your invoke method
public Object invoke(Object proxy, Method method, Object[] args)
{
}
}
In fact, the SOAP Standard supports this. For more information, the W3C recommendation can be accessed here:
http://www.w3.org/TR/soap12-part1/ Section 5.2.1 covers custom header elements. Basically what they are saying is that while not every SOAP Processing engine must understand your unique element, no processor should crash on it.
This code also demonstrates creating an object proxy which can be useful on client-side programming.
Cheers,
Brian Abbott