I've read that a REST service should be stateless but we're trying to implement a mobile service near to an existing web application, so we're trying to keep the same flow and be consistent.

Specifically:

1) login

we check for the username and password, "create" a session and respond with a sessionid

then

2) choose role passing the sessionid

we store the role information in the session

and so on.

This is probably not the best approach but would be the simpler for our case.

Is this possible? How can I get the session with Spring/Weblogic?

Thanks for any info!

Enrichman

1 Answer

A session is in one way a cache with a time out. You could use whirly cache: code.google.com/p/whirlycache/. When creating it you can specify the time out and max number of items.

When you get a valid login, make a random number of 10 or more digits, make sure it's not already there in the cache (if there then re-create a random number ... meaning unique in the current cache). [At login you can also check the number of items to make sure it is not reaching max - send an alert if it's near, which means you have more active users than anticipated or people are not logging out - maybe need another cache with key as active user ids to see if the same person has not already got an active session, so reject if the same user already has a session active, delete both on logout]

Now make your session object (a good idea is a lite user object with user id, security roles etc depending on your business requirements) and store it in the cache.

Now when other methods are called, they should accept a session id, check the cache if there is a matching session id key, get the user object and continue with validations and processing.

tgkprog
  • In the end I've resolved the problem "automagically", but I will mark this as answer. Thanks. : ) – Enrichman Apr 16 '13 at 15:05
  • Basically the client that was using the service is keeping the session generated by the container (Weblogic in my case), so no need to do something strange. I already have a nice Spring session scoped bean (as you suggested) that is injected with all the properties. Something "magical" let's say.. lol – Enrichman Apr 16 '13 at 22:07
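
The session-ID flow described in the answer (issue an ID at login, resolve it on each later call, drop it on logout), as an added Java example that is not part of the original answer. Class and method names are hypothetical, a `ConcurrentHashMap` stands in for the timed cache, and the ID is 128 bits from `SecureRandom` rather than a 10-digit number because it acts as a bearer credential; records assume Java 16 or later.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class SessionStore { // hypothetical names; a map stands in for the timed cache
    public record Session(String userId, Set<String> roles, Instant expiresAt) {}
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final Duration idleTimeout;
    private final int maxSessions;

    public SessionStore(Duration idleTimeout, int maxSessions) {
        this.idleTimeout = idleTimeout;
        this.maxSessions = maxSessions;
    }

    // Call only after the username/password check has succeeded.
    public String create(String userId, Set<String> roles) {
        Instant now = Instant.now();
        sessions.values().removeIf(s -> s.expiresAt().isBefore(now)); // evict expired
        if (sessions.size() >= maxSessions) throw new IllegalStateException("session cache full");
        Session session = new Session(userId, Set.copyOf(roles), now.plus(idleTimeout));
        String id;
        do {
            byte[] raw = new byte[16]; // 128 bits from a CSPRNG, not guessable
            RNG.nextBytes(raw);
            id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        } while (sessions.putIfAbsent(id, session) != null); // regenerate on collision
        return id;
    }

    // Every later call resolves the ID; unknown or expired IDs yield empty.
    public Optional<Session> lookup(String id) {
        if (id == null) return Optional.empty();
        return Optional.ofNullable(sessions.computeIfPresent(id, (k, v) ->
            v.expiresAt().isBefore(Instant.now()) ? null // expired: entry is removed
                : new Session(v.userId(), v.roles(), Instant.now().plus(idleTimeout))));
    }

    public void logout(String id) { if (id != null) sessions.remove(id); }

    public static void main(String[] args) { // constructed sample values
        SessionStore store = new SessionStore(Duration.ofMinutes(30), 10_000);
        String sid = store.create("alice", Set.of("EDITOR"));
        System.out.println(store.lookup(sid).map(Session::userId).orElse("rejected"));
        store.logout(sid);
        System.out.println(store.lookup(sid).isPresent());
    }
}
```

The size check and the insert are not one atomic step, so `maxSessions` is a soft limit under concurrent logins.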