Session sharing in webservice

Question

I am using a gwt based application and I want to introduce web service [Apache CXF ] to provide access business layer to other application which is build up in other technology like php, iphone and android.

As per client requirement,

->create gui pages in php
->create login module (with oauth concept) in php 
->Use php webservice for login process 
->Use java webservice to access business layer

Now my question is to access particular business layer for security reason we have to maintain user session some how. right?

so as I mention requirement how can I manage session in my Java EE app server. should I have to create a session for per user request?

How could I maintain session for user if my login module on Apache server?

Note: Please note that my login is using a php app which has some oauth feature and that will redirect to Java EE app.

Answer 1

Passing JSESSIONID between instances of application server will do you nothing. Unless sessions are clustered, each application has it's own session container and cannot be shared, (unless you write a custom valve that will search for all sessions in application server). Plus WS does not have a notion of http session, you would have to implement your own mechanism. Plese elaborate what are you trying to achieve? And then we will be able to help you more.