I'm on the "No sessions by default" camp. My reasonsing is that the common perception of Web services is that they are stateless. (Am I wrong to assume that 90% of the services are percieved to be stateless, at least the clients do not expect them to act in a stateless manner ?)
So if we attach the session information 'by default' on to the request at the client side, we would be attaching a functionality that the users are not expecting !
Again this particular session we are talking about is the transport session in HTTP. Aren't we trying to make the sessions for a SOAP request transport neutral as far as possible ? Having the transport session is a luxury that we gain due to the use of  HTTP but a true SOAP message could use any transport, even the ones that may not support sessions such as SMTP. My guess is we should not go overboard with the use of transport sessions here.


On 12/30/05, Sanjiva Weerawarana <sanjiva@opensource.lk> wrote:
On Tue, 2005-12-27 at 09:39 +0100, Werner Dittmann wrote:
> [X] - Don't switch on sessions by default
> Well, I'm not an Axis developer, but makeing web services
> "statefull" (session aware) by default is IMO not a good idea.
> If some web services need "session" it should be done deliberatly
> because the system must take care of the session data.
> Just think about scaleability (load sharing) of webservices on
> different servers using IP load balancers. If a service
> needs some state (session data) this state must be replicated
> to all servers by some means, otherwise you can't perform
> load sharing. Such a thing has to be designed, your overall
> solution must be aware of it etc etc.

Werner, you've got it all backwards .. the issue is on the client side,
not on the server. On the server if the service is session scoped then
you *have to* create service contexts and store them against the cookie
ID until they time out. *None* of the points you made apply to the
situation at hand!

The question Dims asked is about what the default should be for clients.
I disagree with the apparently popular choice of no sessions because if
a service has multiple operations then in most cases the operations have
some relationships between them. The question really amounts to asking
how often do people have session scoped services vs. application scoped
services. If they are application scoped then basically the cookie stuff
makes no difference: either the service is totally stateless and it
ignores all context or its truly stateful and remembers something from
every request.

IMO the natural behavior should be to maintain sessions by default.
That's what even Apache SOAP did back many years ago.

I was out of town for a few days so was not able to reply in a timely
manner to convince more voters :(. Can we have a re-vote based on the
information that Werner's explanation does not apply at all and at least
3 people voted based on that?


Ajith Ranabahu