Adding transcript text Here for easy reference
"Deepak added a token to authorize to the webservices. You login once, get back a token and this token allows to keep the session open in iDempiere and not authorize with every request. We create a new table to keep the tokens. It would be good if we can keep the whole session of the webservices request for the following requests. Deepak did not yet finish his work. (JIRA)
When a client logs in to the webservice it can use both ways of authentication: Give all credentials or use the token. You can even give both to automatically login again if the token expired"
Here is my full proposal.
In Login section of request, We should make all field other then username as optional. Add one more optional field as token.
When first time webservice request made, it should contain all login information except token. Response of such login will have Token. Client can send next call with just userName and token. This token will be expired in configurable time.