Maintenance of a Stateless Java Session
The optional SOAP header parameter <SessionKeepAlive> allows
a client to instruct the Oracle CRM On Demand server
to keep the Java session open after a stateless request has been processed.
By specifying the optional <SessionKeepAlive> parameter with a
value of true in the SOAP header of a stateless request,
the Java session will not be logged off by Oracle CRM On Demand after
the request has been processed, and OM session pooling will continue
to be used. In addition, the JSESSIONID value that is returned in
the SOAP response can be used to authenticate future requests allowing
them to reuse the same Java session, without having to reauthenticate.
This is especially useful when SAML assertions are used for authentication,
as it eliminates multiple round-trips to the Identity Provider when
multiple requests are being processed for the same user.
For stateless requests where the <SessionKeepAlive> parameter is set to false, where it is empty, or where <SessionKeepAlive> is not present, the Java session will be logged off by Oracle CRM On Demand after the request has been processed.
Unlike stateful Web services sessions, there is no logoff command for stateless requests. Java sessions will be logged off by the Oracle CRM On Demand server following a period of inactivity. Any attempt to use a JSESSIONID value for a Java session that has expired, will result in an error being returned to the client for that request. Stateless requests must provide either a valid JSESSIONID value or valid user credentials (SSO token, SAML assertion or UserName and Password) to authenticate. Any request lacking either a valid JSESSIONID value or valid user credentials will be rejected.
The following is an example of a SOAP header containing the <SessionKeepAlive> element:
<soap:Header>
	<crmod:SessionKeepAlive xmlns:crmod="urn:crmondemand/ws">true
	</crmod:SessionKeepAlive>
	<wsse:Security>
		<wsse:SecurityTokenReference>
			<wsse:KeyIdentifier ValueType="http://schemas.crmondemand.com/ws/2011/01/
			secext#SSOTokenKeyIdentifier">$6$qx6pJ/rGFlDyJBy91C3Uxifc3oDEg/
			Sshtrsyj2z27RoHmO5M=;$6$jWkqu/
			HvIXoqw2FoHx10GDcYDc5WdZ2UV4v1G06AMEBNbWZv0JZinyJ1C4v7OHJR4OQVhZ4J3X+U/
			EvrP1c82LYHVOHA==</wsse:KeyIdentifier>
		</wsse:SecurityTokenReference>
	</wsse:Security>
</soap:Header>