Use JSP pages for URL rewriting
To use URL rewriting to maintain session state, do not include links to parts of the Web application in plain HTML files. This restriction is necessary because URL encoding cannot be used in plain HTML files.
To maintain state using URL rewriting, every page that the user requests during the session must have code that can be understood by the Java interpreter. If you have such plain HTML files in the Web application and portions of the site that the user might access during the session, convert them to JSP files.
This will impact the application writer, because, unlike maintaining sessions with cookies, maintaining sessions with URL rewriting requires that each JSP page in the application use URL encoding for every HREF attribute on <A> tags. Sessions will be lost if one or more JSP pages in an application do not call the encodeURL(String url) or encodeRedirectURL(String url) methods.
The JSP page code examples and changes presented on this page, while valid for older JSP pages, are not updated for the use of the JavaServer Pages Tag Library (JSTL). Most JSP page code in the starter stores is coded using JSTL, and for pages that use JSTL, you do not need to make changes to URLs constructed using <c:url> tag. This tag incorporates URL rewriting functionality automatically.
Write links
With URL rewriting, all links that you return to the browser or redirect must have the session ID appended to them. For example, this link in a Web page:
<a href="store/catalog">
...is rewritten as...
<a href="store/catalog;$jsessionid$DA32242SSGE2">
When the user clicks this link, the rewritten form of the URL is sent to the server as part of the client's request. The Servlet Engine recognizes ;$jsessionid$DA32242SSGE2 as the session ID and saves it for obtaining the proper HttpSession object for this user.
The following example shows how Java code may be embedded within a JSP file:
<% response.encodeURL ("/store/catalog"); %>
To rewrite the URLs you are returning to the browser, call the encodeURL() method in the JSP page before sending the URL to the output stream. For example, if a JSP page that does not use URL rewriting has
out.println("<a href=\"/store/catalog\">catalog</a>")"
...replace it with...
out.println("<a href=\""); out.println(response.encodeURL ("/store/catalog")); out.println("\">catalog</a>");
To rewrite the URLs you are redirecting, call the encodeRedirectURL() method. For example:
response.sendRedirect (response.encodeRedirectURL ("http://myhost/store/catalog"));
The encodeURL() and encodeRedirectURL() methods are part of the HttpServletResponse object. Both methods check to see if URL rewriting is configured before encoding the URL. If it is not configured, they return the original URL.
Write forms
To write forms for submission, call the response.encodeURL("Logon"); on the ACTION tag of the form page. For example:
<FORM NAME="Logon" METHOD="post" ACTION=<%= response.encodeURL ("Logon") %> > ... </FORM>
Write the first page
The entry page, usually the home page, cannot contain frames.
To use frames in the store, you can have a non-frame page with a link to the store act as the store's entry page. However, if the store does use frames and a customer tries to access those pages with frames without going through the entry page first, their session may be lost. Customers can also lose their session if they use the Back button (only with frames) to return to the entry page and refresh the entry page. Refreshing the entry page gives them a new session ID. A link back to the entry page as an alternative to the Back button is necessary to help prevent this type of session loss.
Related concepts