RESTFul web service and session handling?

Hi,

we need to have session handling with our RESTFul web service. Sessions must be valid up to 10-13 hours.

What options are out there to do this? What is the easiest possibility? Web Service runs in JBoss.

Hi!
I can think of the following two approaches:
1) Use regular HTTP sessions with cookies or URL rewriting.
This has the advantage that there is already support in the servlet API etc.
2) Use some kind of session token that the client must enclose with each request.
Since you are contemplating a RESTful web service, I guess the HTTP headers is the place to put such a token.

Interested in hearing about other approaches, if there are any!
Best wishes!