File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes URL Re-writing, Bullet Proof Way? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "URL Re-writing, Bullet Proof Way?" Watch "URL Re-writing, Bullet Proof Way?" New topic

URL Re-writing, Bullet Proof Way?

Herbert Maosa
Ranch Hand

Joined: May 03, 2000
Posts: 289
Since we dont know whether our application is going to be accessed by a client that supports cookies, or whether the user has cookies turned off or not... why would it ever be sensible to use session tracking and/or cookes for client state information in an e-commerce app. Does it not follow that URL Re-writing should always be used???
Carl Trusiak

Joined: Jun 13, 2000
Posts: 3340
URL rewriting has a slightly undisirable side effect. It shows the session id on the address line of the browser. This can lead to another side effect. If the user bookmarks this, everytime they use the bookmark, they send an invalid sessionid. It can cause an inappropriate message if your application tests for and sends a different message for an invalid session as compared to a new session.

I Hope This Helps
Carl Trusiak, SCJP2, SCWCD
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

Your question (to me) implies that you either use session tracking, or use URL re-writing. But you can use both.

Simply run every single URL that your JSP or servlet emits through the response.encodeURL() method and then you are covered for both.

If the user supports cookies, the URL is unchanged. If they cannot or will not accept the cookie, the URL is rewritten to include the session id.

As for another side effect, I think there are some versions of Netscape that cannot handle the semicolon in a rewritten URL. And there is also the problem of placing a rewritten URL in javascript.
I agree. Here's the link:
subject: URL Re-writing, Bullet Proof Way?
It's not a secret anymore!