Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

URL Re-writing, Bullet Proof Way?

 
Herbert Maosa
Ranch Hand
Posts: 289
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Since we dont know whether our application is going to be accessed by a client that supports cookies, or whether the user has cookies turned off or not... why would it ever be sensible to use session tracking and/or cookes for client state information in an e-commerce app. Does it not follow that URL Re-writing should always be used???
Herbert.
 
Carl Trusiak
Sheriff
Posts: 3341
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
URL rewriting has a slightly undisirable side effect. It shows the session id on the address line of the browser. This can lead to another side effect. If the user bookmarks this, everytime they use the bookmark, they send an invalid sessionid. It can cause an inappropriate message if your application tests for and sends a different message for an invalid session as compared to a new session.
 
Mike Curwen
Ranch Hand
Posts: 3695
IntelliJ IDE Java Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Your question (to me) implies that you either use session tracking, or use URL re-writing. But you can use both.

Simply run every single URL that your JSP or servlet emits through the response.encodeURL() method and then you are covered for both.

If the user supports cookies, the URL is unchanged. If they cannot or will not accept the cookie, the URL is rewritten to include the session id.

As for another side effect, I think there are some versions of Netscape that cannot handle the semicolon in a rewritten URL. And there is also the problem of placing a rewritten URL in javascript.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic