I am confused about where to store login credentials if I use a stateful session bean to store session data. To retrieve anything from the SFSB, what would be the key? In most applications I've worked on the user Id is stored in the HTTPSession and is propogated to the
EJB layer when required.