Nusoap set and get headers in both client and serv

Published 2019-09-02 17:38

Question:

I am developing a simple web service using Nusoap and having a problem when adding authentication.

Currently I am using the setCredentials() method to attach the username and password to the request and getting them using $_SERVER['PHP_AUTH_USER'] on the server side.

It works fine, but I don't want to authenticate the user for every call. So I need to maintain a session and according to my research, after the first authentication, the server needs to send something like 'session id' attached to the response header and the client should use this 'session id' in subsequent calls.

But I don't know how to set and get headers in both request and response. Could anyone help?

I'm really new to soap and session, so if there is anything wrong with my thoughts, please point it out. Thank you so much.

Answer 1:

Finally, I figured it out myself. I used a very simple implementation and it is definitely insecure, but it may help some beginners like me.

First, by observing the Nusoap code I find it is very easy to set and get soap headers both in client and server.

client:

$client->getHeader();                 //return array containing header elements
$client->setHeaders('headerstring');

server:

$server->responseHeaders = 'headerstring';    //set response headers
$server->requestHeaders                       //get request headers 

Second, after the first authentication using username/password, I saved the username in the session and sent the session id to the client. Then the client sends this session id on the next call instead of username/password.

server:

function someService (){
    global $server; 
    $valid = false; 
    $requestHeaders = $server->requestHeader;

    /*get session id from request header and open existing sid*/
    if(isset($requestHeaders['SessionToken'])){
            $sid = $requestHeaders['SessionToken'];
            session_id($sid);
    }

    session_start();

    /*if the user is not verified before, need to verify it*/
    if(!isset($_SESSION['user'])){
            $valid = verifyUser();
            if($valid){
                    $_SESSION['user'] = $_SERVER['PHP_AUTH_USER'];
            }
    }

    if($valid || isset($_SESSION['user'])){                                 //user verified or previously verified.
            $server->responseHeaders = '<SessionToken>'. session_id() .'</SessionToken>';
            /***
              some code goes here
            ***/
    }
    else{
            return new soap_fault(401,'', 'User is not verified!');
    }
}

client:

require_once "nusoap.php";
$client = new nusoap_client("auth.wsdl", true);

$authHeaders = $client->getHeader();
if(isset($authHeaders['SessionToken'])){
    $header = '<SessionToken>'. $authHeaders['SessionToken'] .'</SessionToken>';
    $client->setHeaders($header);
}
else{   
    $client->setCredentials('username','password','basic');
}

$result = $client->call("someService", array());

Again, the above is a very simple example and I am also a beginner. So if you have good suggestions, please let me know.
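
A hardened variant of the server-side session handling above, as an added example that is not part of the original answer: it checks the client-supplied SessionToken before handing it to session_id() and issues a fresh id once the user has authenticated, so an id chosen by the client is never bound to a user. The helper names openSessionFromToken() and bindAuthenticatedUser(), the idle limit and the id pattern are assumptions.

```php
<?php
// Added example, not from the original answer. Helper names, the id pattern
// and the 15-minute idle limit are assumptions.
const SESSION_IDLE_LIMIT = 900; // seconds, constructed value

/**
 * Open the session named by a client-supplied SessionToken.
 * Returns the stored username, or null if the caller must authenticate.
 */
function openSessionFromToken(?string $token): ?string
{
    // Ask PHP to refuse session ids it did not create itself.
    ini_set('session.use_strict_mode', '1');
    // The id travels in the SOAP header, so no session cookie is needed.
    ini_set('session.use_cookies', '0');

    // Only hand well-formed ids to session_id().
    $wellFormed = is_string($token)
        && preg_match('/^[A-Za-z0-9,-]{22,256}$/', $token) === 1;
    if ($wellFormed) {
        session_id($token);
    }
    session_start();

    // Accept the session only if PHP kept the id, a user is bound to it,
    // and it has been used recently.
    $known = $wellFormed
        && session_id() === $token
        && isset($_SESSION['user'], $_SESSION['last_seen'])
        && time() - $_SESSION['last_seen'] <= SESSION_IDLE_LIMIT;
    if (!$known) {
        $_SESSION = []; // drop data left in an expired or unknown session
        return null;
    }
    $_SESSION['last_seen'] = time();
    return $_SESSION['user'];
}

/**
 * Call after verifyUser() succeeds, with the session already started.
 * Returns the token to place in the SessionToken response header.
 */
function bindAuthenticatedUser(string $user): string
{
    session_regenerate_id(true); // new id; the old session data is deleted
    $_SESSION['user'] = $user;
    $_SESSION['last_seen'] = time();
    return session_id();
}
```

In someService(), a null return from openSessionFromToken() means the request must pass verifyUser() before bindAuthenticatedUser() is called and the new id is written to $server->responseHeaders.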