I'm writing some web services. The first web service is a logonhandler service. Where credentials are passed through and if the user is valid, generates a token. The token stored in a db. Then once the user is validated they have permission to use other web services.
My question, has anyone done something simliar to what I am trying to achieve? What is the best approach to take?
What I don't want is for a user to keep loging on, as this will be a pain in the backside. So what i'm thinking is generating a token, with a timestamp and keep checking the timestamp.
If the user hasn't done anything for say 30 mins, log them out.
What is the best way to check the timestamp for activity?
Sorry for all the naive questions, as you can probably tell i'm new to web services, and the information we hold is confidential, so the login service has to be secure
Well.I am trying to do something similar to this. I posted it but so ar no reply. I am trying to generate a SOAP message in java which has a header with WSSE information (Username, password) for the authentication. Do you have any clue about this??
Joined: Apr 15, 2005
Have a look at the eBay SDK Java guide - you'll have to register, if you haven't already done so - it's free
eBay are doing what I want to achieve, their document is from a high level but is quite useful