Use JSP pages for URL rewriting

If you want to use URL rewriting to maintain session state, do not include links to parts of your Web application in plain HTML files. This restriction is necessary because URL encoding cannot be used in plain HTML files. To maintain state using URL rewriting, every page that the user requests during the session must have code that can be understood by the Java interpreter. If you have such plain HTML files in your Web application and portions of the site that the user might access during the session, convert them to JSP files.

This will impact the application writer, because, unlike maintaining sessions with cookies, maintaining sessions with URL rewriting requires that each JSP page in the application use URL encoding for every HREF attribute on <A> tags. Sessions will be lost if one or more JSP pages in an application do not call the encodeURL(String url) or encodeRedirectURL(String url) methods.

The JSP page code examples and changes presented on this page, while valid for older JSP pages, are not updated for the use of the JavaServer Pages Tag Library (JSTL). Most JSP page code in the WebSphere Commerce starter stores is coded using JSTL, and for pages that use JSTL, you do not need to make changes to URLs constructed using the <c:url> tag. This tag incorporates URL rewriting functionality automatically.

Writing links

With URL rewriting, all links that you return to the browser or redirect must have the session ID appended to them. For example, this link in a Web page:

<a href="store/catalog">


is rewritten as

<a href="store/catalog;$jsessionid$DA32242SSGE2"> 


When the user clicks this link, the rewritten form of the URL is sent to the server as part of the client's request. The Servlet Engine recognizes ;$jsessionid$DA32242SSGE2 as the session ID and saves it for obtaining the proper HttpSession object for this user.

The following example shows how Java code may be embedded within a JSP file:

<%
 response.encodeURL ("/store/catalog");
%>


To rewrite the URLs you are returning to the browser, call the encodeURL() method in your JSP page before sending the URL to the output stream. For example, if a JSP page that does not use URL rewriting has

out.println("<a href=\"/store/catalog\">catalog</a>")"


replace it with

out.println("<a href=\""); 
out.println(response.encodeURL ("/store/catalog")); 
out.println("\">catalog</a>");


To rewrite the URLs you are redirecting, call the encodeRedirectURL() method. For example:

response.sendRedirect (response.encodeRedirectURL ("http://myhost/store/catalog"));


The encodeURL() and encodeRedirectURL() methods are part of the HttpServletResponse object. Both methods check to see if URL rewriting is configured before encoding the URL. If it is not configured, they return the original URL.

Writing forms

To write forms for submission, call the response.encodeURL("Logon"); on the ACTION tag of the form page. For example:

<FORM NAME="Logon" METHOD="post" ACTION= <%= response.encodeURL ("Logon") %> >  
...   
</FORM>


Writing the first page

The entry page, usually the home page, cannot contain frames. If you want to use frames in your store, you can have a non-frame page with a link to the store act as the store's entry page. However, if the store does use frames and a customer tries to access those pages with frames without going through the entry page first, their session may be lost. Customers can also lose their session if they use the Back button (only with frames) to return to the entry page and refresh the entry page. Refreshing the entry page gives them a new session ID. A link back to the entry page as an alternative to the Back button is necessary to help prevent this type of session loss.

 

Related Concepts


Session management