Web Service Session State

What I am trying to accomplish is to maintain a session for 24hours.
Here is the approach I am trying out:



Expose ASMX web service with a method called GetTicket(). The
AuthExtension SOAP extension expects a SOAP header with a username and
password. This is the only time that the credentials get sent over the
wire. The SOAP extension matches validates the user against the DB and
calls GenerateTicket() which returns a GUID to the client. At the same
time the GUID is saved in the DB along with the username and a
timestamp.



[AuthExtension]

[WebMethod(Description = "get session ticket")]

[SoapHeader("UserAuthen", Direction = SoapHeaderDirection.In)]

public string GetTicket()

{

//TODO validate sessionType

return UserAuthenticator.GenerateTicket(UserAuthen.id1);

}



Once the client has the ticket it can call other methods by passing the
ticket.



[AuthExtension]

[WebMethod(Description = "get current time")]

[SoapHeader("UserTicket", Direction = SoapHeaderDirection.In)]

public string GetTime()

{

return DateTime.Now.ToString();

}



Again, the SOAP header contains the ticket GUID and the SOAP extension
looks up the ticket GUID in the DB. Also it checks the timestamp time
differnce of 24hrs. If the ticket is over 24hrs old then the ticket is
invalid and client must obtain a new ticket by calling GetTIcket() with
his user/pass credentials.



I don't like this approach because the DB is hit every time a method is
called.

Is there a better way to keep session state for 24hrs, keeping in mind
that I want the client to connect even if IIS resets itself...



chris