axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ajith Ranabahu <>
Subject Re: [VOTE] [Axis2] Sessions on by default?
Date Fri, 30 Dec 2005 12:07:54 GMT
I'm on the "No sessions by default" camp. My reasonsing is that the common
perception of Web services is that they are stateless. (Am I wrong to assume
that 90% of the services are percieved to be stateless, at least the clients
do not expect them to act in a stateless manner ?)
So if we attach the session information 'by default' on to the request at
the client side, we would be attaching a functionality that the users are
not expecting !
Again this particular session we are talking about is the transport session
in HTTP. Aren't we trying to make the sessions for a SOAP request transport
neutral as far as possible ? Having the transport session is a luxury that
we gain due to the use of  HTTP but a true SOAP message could use any
transport, even the ones that may not support sessions such as SMTP. My
guess is we should not go overboard with the use of transport sessions here.


On 12/30/05, Sanjiva Weerawarana <> wrote:
> On Tue, 2005-12-27 at 09:39 +0100, Werner Dittmann wrote:
> > [X] - Don't switch on sessions by default
> >
> > Well, I'm not an Axis developer, but makeing web services
> > "statefull" (session aware) by default is IMO not a good idea.
> > If some web services need "session" it should be done deliberatly
> > because the system must take care of the session data.
> >
> > Just think about scaleability (load sharing) of webservices on
> > different servers using IP load balancers. If a service
> > needs some state (session data) this state must be replicated
> > to all servers by some means, otherwise you can't perform
> > load sharing. Such a thing has to be designed, your overall
> > solution must be aware of it etc etc.
> Werner, you've got it all backwards .. the issue is on the client side,
> not on the server. On the server if the service is session scoped then
> you *have to* create service contexts and store them against the cookie
> ID until they time out. *None* of the points you made apply to the
> situation at hand!
> The question Dims asked is about what the default should be for clients.
> I disagree with the apparently popular choice of no sessions because if
> a service has multiple operations then in most cases the operations have
> some relationships between them. The question really amounts to asking
> how often do people have session scoped services vs. application scoped
> services. If they are application scoped then basically the cookie stuff
> makes no difference: either the service is totally stateless and it
> ignores all context or its truly stateful and remembers something from
> every request.
> IMO the natural behavior should be to maintain sessions by default.
> That's what even Apache SOAP did back many years ago.
> I was out of town for a few days so was not able to reply in a timely
> manner to convince more voters :(. Can we have a re-vote based on the
> information that Werner's explanation does not apply at all and at least
> 3 people voted based on that?
> Sanjiva.

Ajith Ranabahu

View raw message