Using JSP pages for URL rewriting
If you want to use URL rewriting to maintain session state, do not include links to parts of your Web application in plain HTML files. This restriction is necessary because URL encoding cannot be used in plain HTML files. To maintain state using URL rewriting, every page that the user requests during the session must have code that can be understood by the Java interpreter. If you have such plain HTML files in your Web application and portions of the site that the user might access during the session, convert them to JSP files.
About this task
This will impact the application writer, because, unlike
maintaining sessions with cookies, maintaining sessions with URL rewriting
requires that each JSP page in the application use URL encoding for
every HREF
attribute on <A>
tags.
Sessions will be lost if one or more JSP pages in an application do
not call the encodeURL(String url)
or encodeRedirectURL(String
url)
methods.
Writing links
With URL rewriting, all links that you return to the browser or redirect must have the session ID appended to them. For example, this link in a Web page:
<a href="store/catalog">
is rewritten as
<a href="store/catalog;$jsessionid$DA32242SSGE2">
When the user clicks this link, the rewritten form
of the URL is sent to the server as part of the client's request.
The Servlet Engine recognizes ;$jsessionid$DA32242SSGE2
as
the session ID and saves it for obtaining the proper HttpSession
object
for this user.
The following example shows how Java code may be embedded within a JSP file:
<%
response.encodeURL ("/store/catalog");
%>
To rewrite the URLs you are returning to the browser,
call the encodeURL()
method in your JSP page before
sending the URL to the output stream. For example, if a JSP page that
does not use URL rewriting has
out.println("<a href=\"/store/catalog\">catalog</a>")"
replace it with
out.println("<a href=\"");
out.println(response.encodeURL ("/store/catalog"));
out.println("\">catalog</a>");
To rewrite the URLs you are redirecting, call the encodeRedirectURL()
method.
For example:
response.sendRedirect (response.encodeRedirectURL ("http://myhost/store/catalog"));
The encodeURL()
and encodeRedirectURL()
methods
are part of the HttpServletResponse
object. Both
methods check to see if URL rewriting is configured before encoding
the URL. If it is not configured, they return the original URL.
Writing forms
To write forms for submission,
call the response.encodeURL("Logon");
on the ACTION
tag
of the form page. For example:
<FORM NAME="Logon" METHOD="post" ACTION= <%= response.encodeURL ("Logon") %> >
...
</FORM>
Writing the first page
The entry page, usually the home page, cannot contain frames. If you want to use frames in your store, you can have a non-frame page with a link to the store act as the store's entry page. However, if the store does use frames and a customer tries to access those pages with frames without going through the entry page first, their session may be lost. Customers can also lose their session if they use the Back button (only with frames) to return to the entry page and refresh the entry page. Refreshing the entry page gives them a new session ID. A link back to the entry page as an alternative to the Back button is necessary to help prevent this type of session loss.