Create Procedure CheckPassword
(
  @username varchar( 20 ),
  @password varchar( 20 ),
  @sessionkey uniqueidentifier Output,
  @expiration DateTime Output,
  @userID int Output,
  @role int Output
)
As
Select
  @userID = userid,
  @role = role
  From WebServiceUsers
  Where username = @username
  And password = @password

If @userID Is Not Null
  Begin
  SET @sessionkey = NEWID()
  SET @expiration = DateAdd( mi, 30, GetDate() )
  Insert SessionKeys
  (
    session_key,
    session_expiration,
    session_userID,
    session_username,
    session_role
  ) values (
   @sessionkey,
   @expiration,
   @userID,
   @username,
   @role
  )
  End
Else
  Return -1