web services / logonhanlder service

Hi all,

I'm writing some web services. The first web service is a logonhandler service. Where credentials are passed through and if the user is valid, generates a token. The token stored in a db. Then once the user is validated they have permission to use other web services.

My question, has anyone done something simliar to what I am trying to achieve? What is the best approach to take?

What I don't want is for a user to keep loging on, as this will be a pain in the backside. So what i'm thinking is generating a token, with a timestamp and keep checking the timestamp.

If the user hasn't done anything for say 30 mins, log them out.

What is the best way to check the timestamp for activity?

Sorry for all the naive questions, as you can probably tell i'm new to web services, and the information we hold is confidential, so the login service has to be secure

I hope someone can help

thanks

gill

Well.I am trying to do something similar to this. I posted it but so ar no reply.
I am trying to generate a SOAP message in java which has a header with WSSE information (Username, password) for the authentication.
Do you have any clue about this??

Have a look at the eBay SDK Java guide - you'll have to register, if you haven't already done so - it's free

eBay are doing what I want to achieve, their document is from a high level but is quite useful

If you get any further, let me know