This week's book giveaway is in the Jobs Discussion forum.
We're giving away four copies of Java Interview Guide and have Anthony DePalma on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes a Question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "a Question" Watch "a Question" New topic

a Question

George Fung
Ranch Hand

Joined: Jun 12, 2003
Posts: 98
In the book SCWCD Exam Study Kit, it status something about session:
In general, URL rewriting is a very robust way to support sessions. We should use
this approach whenever we are uncertain about cookie support. However, it is important
to keep the following points in mind:
� We should encode all the URLs, including all the hyperlinks and action
attributes of the forms, in all the pages of the application.
� All the pages of the application should be dynamic. Because different users will
have different session IDs, there is no way to attach proper session IDs to the
URLs present in static HTML pages.
� All the static HTML pages must be run through a servlet, which would rewrite
the URLs while sending the pages to the client. Obviously, this can be a serious
performance bottleneck.

I can't understand about it. "there is no way to attach proper session IDs to the URLs present in static HTML pages"
Why?? Why only affect static HTML pages? hwo about dynamic?

To be obtained: SCEA 5
Engin Okucu
Ranch Hand

Joined: Feb 09, 2002
Posts: 174
It's easy to understand it.
Imagine you have a HTML page. Say me how can you send to the server from you html page the session you got before ?
HTML is a static and you cannot attach parameters with you HTML page.
When you do arequest you can do :

but if you send a request to a html page , it's not possible,
then http://localhost/MyPage.html?username=toto cannot be done.

How the web server will be able to know that is really YOU that has sent before some parameters with your name and username ?
If you had a servlet that has been sent to you and in this servlet you have used encoreURL() method, then the session ID created in this servlet is also sent to you.
1. HTML (firstname and username sent to the server)----> servlet(with encodeURL() method).
2.This servlet does create a session in this servlet.
3.The id of the session that wad created is attached in your URL, now you can send again to the server(again to a servlet and not HTML) wich will know that 's really YOU by checking if you have a session or not something like

HttpSession session = request.getSession();
if(session == null)

If it's not clear , let me know.
Good luck.
I agree. Here's the link:
subject: a Question
jQuery in Action, 3rd edition