Shane, I can confirm that I no longer get the NPE. httpSession.getAttribute("userId") is still returning null though. Cheers, Chris. PS - my WS code is given in the original post. To complete the picture, here is my client call and how to get at the JSESSIONID: final DevelopmentService_Service service = new DevelopmentService_Service(); | final DevelopmentService proxy = service.getDevelopmentServicePort(); | | ((BindingProvider)proxy).getRequestContext().put(BindingProvider.SESSION_MAINTAIN_PROPERTY, true); | | // the following web service call will create a new HttpSession | // and attempt a login using the supplied credentials | final boolean result = proxy.login(username, password); | | // Extract the JSESSIONID cookie from the response. | final Map responseMap = ((BindingProvider)proxy).getResponseContext(); | | final Map headerValues = (Map)responseMap.get(MessageContext.HTTP_RESPONSE_HEADERS); | | final List<String> cookieHeaders = (List<String>) headerValues.get("Set-Cookie"); | | // You can then use HttpCookie.parse() to parse and process the cookies and test for JSESSIONID etc. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4069171#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...