In the book SCWCD Exam Study Kit, it status something about session: In general, URL rewriting is a very robust way to support sessions. We should use this approach whenever we are uncertain about cookie support. However, it is important to keep the following points in mind: � We should encode all the URLs, including all the hyperlinks and action attributes of the forms, in all the pages of the application. � All the pages of the application should be dynamic. Because different users will have different session IDs, there is no way to attach proper session IDs to the URLs present in static HTML pages. � All the static HTML pages must be run through a servlet, which would rewrite the URLs while sending the pages to the client. Obviously, this can be a serious performance bottleneck.
I can't understand about it. "there is no way to attach proper session IDs to the URLs present in static HTML pages" Why?? Why only affect static HTML pages? hwo about dynamic?
SCJP, SCJD, SCWCD, SCBCD, SCEA, SCJP6
To be obtained: SCEA 5
It's easy to understand it. Imagine you have a HTML page. Say me how can you send to the server from you html page the session you got before ? HTML is a static and you cannot attach parameters with you HTML page. When you do arequest you can do : http://localhost/MyServlet?username=toto
How the web server will be able to know that is really YOU that has sent before some parameters with your name and username ? If you had a servlet that has been sent to you and in this servlet you have used encoreURL() method, then the session ID created in this servlet is also sent to you. 1. HTML (firstname and username sent to the server)----> servlet(with encodeURL() method). 2.This servlet does create a session in this servlet. 3.The id of the session that wad created is attached in your URL, now you can send again to the server(again to a servlet and not HTML) wich will know that 's really YOU by checking if you have a session or not something like