>Frankly, I have bad feelings about this: unless I'm missing something obvious, this is drifting away from the standard (not only we start to rely on external information carriers - and why should we? - but we are starting to confine our potential clients to a specific development framework). I know the cookie approach works but, at the risk of looking academic, what is the point of basing the interop communication on a protocol that is going to be contaminated?

Basically, the article mostly provides an approach that is the same as a Web application. For years, we have been using such an approach for such a need. As it is the case for a Web application, you are not only bound to use the cookie approach. If you wish, you can create a session variable or establish any other mecanism. It's up to you to decide which approach works best for you.

There's nothing wrong with SOAP 3 to be compliant with the way we use to work within a browser. We've been waiting for that since about a year now and I am quite happy that this is now compliant.

Just choose what is best for you.