some advice needed

Hello I'm writing some server-side web services. But now i'm stuck What i have doneso far is write some code that takes username and password and validatest them useing a backend db table. If ok i return a token, just a string with a random number in it My question - what do i do next I though of putting the value in a saop header so that calling web services (the clients) can use this token to make sure the user is valid and so that the user doen't have to keep logging on. Also i need to check the token is still valid e.g. check the timestamp, if it is about to expire renew it, otherwise redirect user to a login page Does this seem plausible Any help much apreciated

:confused: Hello I'm writing some server-side web services. But now i'm stuck What i have doneso far is write some code that takes username and password and validatest them useing a backend db table. If ok i return a token, just a string with a random number in it My question - what do i do next I though of putting the value in a saop header so that calling web services (the clients) can use this token to make sure the user is valid and so that the user doen't have to keep logging on. Also i need to check the token is still valid e.g. check the timestamp, if it is about to expire renew it, otherwise redirect user to a login page Does this seem plausible Any help much apreciated