Clients cannot maintain sessions with JAX-RPC endpoints. There is a client and server aspect to sessions, and it is not obvious how to set this up.
The situation is that a client makes a call to the service, and the server responds and sets a cookie on the connection. From then on, the client sends back that same cookie with each call and the server can check it.
A JAX-RPC stub normally ignores the cookie that comes back. When the SESSION_MAINTAIN_PROPERTY is set to true, it sends back whatever cookie the server set on it.
On the server side, you need to add one field to your class and a method that sets it. The endpoint must implement javax.xml.rpc.server.ServiceLifecycle., and two methods must be added: destroy() (which can be empty) and init(Object context).
Add a ServletEndpointContext object to the endpoint; for example myServletEndpointContext. The init(Object context) method can be set as follows:
myServletEndpointContext = (ServletEndpointContext) context;
From then on, the business methods can access to the HttpSession with myServletEndpointContext.getHttpSession(). The first call to getHttpSession creates the session, if one does not already exist.
With this model, any method the client calls can get the session, set session attributes, get values from it, and so on. From then on, the client will send back the same cookie information.