How can I manage users' sessions when I use web services?

manage users salesforce
manage users windows 10
manage users docusign
zoom user management
manage users qbo
how to give manage users permission in salesforce
manage users google
salesforce user management best practices

In case if user works with web application via web browser, the user's session is managed by application server. It takes care of sessions creation, validation, timeouts, disposings, etc.

And as far as I know there is no such mechanisms in the other case, if user works with app via remote client and uses SOAP web services.

So the question is, how can we manage users' sessions in case of web services and implement the same mechanisms of session management such as invalidation, prolongation, disposing?

Assuming you use JAX-WS and SOAP/HTTP it is possible to work with container managed security (and e.g. session cookies) as well. You just have to inject WebServiceContext in your service. It allows access to all HTTP environment variables:

WebServiceContext wsContext;

A detailed example is available here. Of course, your clients must support this as well (if they are JAX-WS based it works). Nevertheless, a rule of thumb is that web services should not maintain any state at all, they should behave stateless. See this on SO.

Edit: You can access the ServletRequest by:

public void foo() {
    final MessageContext mc = this.wsContext.getMessageContext();
    final ServletRequest sr = mc.get(MessageContext.SERVLET_REQUEST);

    /* works if this is a HTTP(s) request */
    if (sr != null && sr instanceof HttpServletRequest) {
        final HttpServletRequest hsr = (HttpServletRequest) sr;

        /* ... */

    } else {
        /* do some exceptional stuff */


The session created above should behave in exactly the same way as a 'standard' web session. You must make sure that your clients understand that as well. They have to submit the session identifier (cookie) on each subsequent call.

Best Practices, This guide covers the best practices for user management. Managed Users and External Users. First off, it's important that you understand the  Manage User Accounts and Settings in Windows 10. Understand user accounts and permissions. Create and manage user accounts. Manage account pictures and passwords. Customize your sign-in options. Skills review. Practice tasks.

I think you are talking about how to maintain web-services session(state-full web-services). In this case following link can help you:

Manage users and access levels for your manager account, To avoid this issue, make sure to communicate to all users about roles and responsibilities for account management and changes to the account. Instructions  How to remove a local user in Windows 10. Click on the *Start menu**. It's the Windows logo in the bottom left of your screen. Click on Settings . Click on Accounts . Click on Family & other users . Click on the account you wish to remove. Click on the remove button. Click on the Delete account and

View and Manage Users, In the user list, you can view and manage all users in your org, partner portal, and Salesforce Customer Portal. Create Additional Accounts. You’ll create your first Windows 10 account when you first set up and configure a new Windows 10 PC. If you want to add another user to your computer, you can do so by opening Start > Settings > Accounts > Family & other people. Under Other people, click Add someone else to this PC.

Manage Users and Admins - LogMeIn Support, HELP FILE. Manage Users and Admins. Service Desk offers multiple levels of user roles and permissions. Each of these user roles is given their own credentials  To open the Computer Management console, do any of the following: Right-click the Start button, and then click Computer Management . On the Start menu, click All Apps . In the All Apps list, expand the Windows Administrative Tools folder, and then click Computer Management . Enter computer

Managing users – Zoom Help Center, User management allows account owners and admins to manage their users, such as add, delete, and assign roles and add-on features. This article covers:. In the navigation menu, click User Management then Users. Click the Pending tab to see users that haven't confirmed their accounts: If a user hasn't accept their invitation and can no longer find it in their inbox, you can resend the confirmation email to them using the Resend button.

IAM - Manage Users, You can manage permissions in order to control which operations a user can perform. IAM users can be: 1. Privileged administrators who need console access to  Under User profiles, select Open. Under People, select Manage User Profiles. Enter the user's name and select Find. Right-click the user, and then select Manage site collection owners. Add and remove admins for the OneDrive, and then select OK.

  • So if I not mistaken I can only get context with help of WebServiceContext. Is it possible, for example, create new session and somehow store it container?
  • @sainr: If I remember correctly - yes. I'll modify my answer.
  • Thanks a lot for your answer, I'll try it.
  • @home So then applications utilizing a WS as the back-end maintain their session solely through the front-end e.g. localStorage?
  • I thought using browser storage was bad because it can overwritten by other applications using it, and it has to be encrypted, whereas on the server, it won't be overwritten
  • Thank you for your answer, the link above is quite helpful.
  • @jaxb Link is dead now.