I am developing an enterprise app where I need to pass a Session ID in REST requests, which will pass the same ID on to my EJB methods.
The approach I have taken is:
1. Create a Session ID whenever a user logs in. Use this session ID as a Header Param in each API except login. (I am still figuring out how to exclude one REST API.)
2. Use this session ID in the Header and pass it to each EJB. (How do I read the header param in subsequent REST calls after the interceptor is invoked?)
Can anyone please let me know if this is the right way to go?
Also, would generating a one-way hash to create a session token be useful, rather than sending an auto-generated primary key?
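On the last point of the question, an added example (not part of the original post): a sequential primary key is guessable, and hashing it adds no unpredictability, so the sketch below issues a random token from a CSPRNG and applies the one-way hash only on the server side, as the lookup key. The class and method names, the 30-minute lifetime and the in-memory map are assumptions; it uses only the JDK (Java 16+) and `resolve` is what a request filter would call with the header value.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical session store; all names here are illustrative, not from the post.
public class SessionTokens {
    private record Session(String userId, Instant expires) {}
    private static final SecureRandom RNG = new SecureRandom();
    private static final Duration TTL = Duration.ofMinutes(30); // assumed lifetime
    // Keyed by SHA-256(token): a leaked copy of the store holds no usable tokens.
    private final Map<String, Session> byTokenHash = new ConcurrentHashMap<>();

    // Called by the login resource; returns the opaque value the client sends back.
    public String issue(String userId) {
        byte[] raw = new byte[32];                 // 256 bits from the CSPRNG
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byTokenHash.put(sha256(token), new Session(userId, Instant.now().plus(TTL)));
        return token;
    }

    // Called with the header value on every other request; empty means reject.
    public Optional<String> resolve(String headerValue) {
        if (headerValue == null || headerValue.isBlank()) return Optional.empty();
        String key = sha256(headerValue);
        Session s = byTokenHash.get(key);
        if (s == null) return Optional.empty();
        if (Instant.now().isAfter(s.expires())) {  // expired: drop it and reject
            byTokenHash.remove(key);
            return Optional.empty();
        }
        return Optional.of(s.userId());
    }

    private static String sha256(String value) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256")
                    .digest(value.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);    // SHA-256 is required in every JRE
        }
    }

    public static void main(String[] args) {
        SessionTokens store = new SessionTokens();
        String token = store.issue("alice");       // constructed sample user
        System.out.println(store.resolve(token) + " " + store.resolve("42"));
    }
}
```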