I don't think so, you are responsible for managing that e.g. you can have a table called sessions that have a sessionid or cookie has key another field that is the userid an another one to hold the expiredate plus additional information that you need on the login method insert or update that entry and return the key to the client all the other methods will look into that table to get the user id and additional information.

>>Yes but instead of passing the user name and password on each request you pass an id, also you can have the login call being done via SSL to protect the user name and password.
>
>If would do a call at first to InternetOpenUrl() which would store a cookie. Can that cookie be seen by a call from a Web Service client?