HttpSessionScope is not working

Hello ranchers!

I'm a newbie to WebServices in Java.
I'm trying to use HttpSessionScope in my project, but for some reason the session is not remembered.

I created the following code to test what's going wrong.
The idea is to
- call for "init" WS method to initialize rand variable with a random int - "session id" & print the id number in GlassFish Server output window in NetBeans.
- afterward, call for getIdmethod. This will print the id number .
The value should stay the same.

The problem is that when calling getIdmethod i get 0 as value.
It looks like the value that has been initialized is lost.

Why does it happen?
What I'm doing wrong? Been trying to figure out for hours

Thank you in advance, Danny


package com.welcomesoap; import com.sun.xml.ws.developer.servlet.HttpSessionScope; import javax.jws.WebService; import javax.jws.WebMethod; import java.util.Random; @HttpSessionScope @WebService() public class WelcomeSOAP { private static final Random randomObject = new Random(); private int rand; @WebMethod(operationName = "getId") public void getId() { System.out.println(rand); } @WebMethod(operationName = "init") public void init() { rand = Integer.valueOf(randomObject.nextInt(10000)); System.out.println("init " + rand); } }

I had to import javax.xml.ws.BindingProvider; and add ( (BindingProvider) welcomeSOAPProxy ).getRequestContext().put(BindingProvider.SESSION_MAINTAIN_PROPERTY, true ); in the client code.
Here is the condensed code:

package com.deitel.welcomesoapclient; import com.deitel.welcomesoap.WelcomeSOAP; import com.deitel.welcomesoap.WelcomeSOAPService; import javax.xml.ws.BindingProvider; public class WelcomeSOAPClientJFrame extends javax.swing.JFrame { private WelcomeSOAP welcomeSOAPProxy; public WelcomeSOAPClientJFrame() { initComponents(); try { WelcomeSOAPService service = new WelcomeSOAPService(); welcomeSOAPProxy = service.getWelcomeSOAPPort(); // enable session tracking ((BindingProvider) welcomeSOAPProxy).getRequestContext().put( BindingProvider.SESSION_MAINTAIN_PROPERTY, true); } catch (Exception exception) { exception.printStackTrace(); System.exit(1); } // end catch } // end constructor private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) { welcomeSOAPProxy.init(); } private void jButton2ActionPerformed(java.awt.event.ActionEvent evt) { String message = Integer.toString(welcomeSOAPProxy.getId()); System.out.println(message); } /* Create and display the form */ java.awt.EventQueue.invokeLater(new Runnable() { public void run() { new WelcomeSOAPClientJFrame().setVisible(true); } }); } }

Using HTTP sessions for WS is generally considered bad design. The usual approach for authentication would be to for the initial response to send back a cryptologically secure authentication token which is then passed along with all subsequent requests.