After realizing session is a powerful tool and that there is a encodeURL(), I just come up with more questions ---
1. it seems "jsessionid" is normally stored in a cookie on the client side. so if a browser does NOT support cookie, then using encodeURL() is a must do. In other words, since we (the server side programmer) has no control over client side, we better ALWAYS use encodeURL(), does this make sense ?
2. instead of using encodeURL(), what if I simply do
if I "forward()" to a JSP instead of servlet, do I still need to use "encodeURL" ?
No. When you forward you are sending the current request/response objects.
The squeaky wheel gets the grease. Well, that or replaced...
Joined: Dec 16, 2003
please bear with me for few more questions ---
1. why don't I need to do "encodeURL" if it is "forward(req, res)" to a JSP page ? is it because I use "forward" or because it is to a JSP or servlet ? Since I need to use "req.getSession" to get the HttpSession I feel I still need to do encodeURL in this case. Please help me clarify.
2. What if I , for safety reason, just use "encodeURL" anyway when I do "forward()", does it cause any extra harm ?
3. if it is a JSP page and there is a FORM
And there is a session involved in this JSP page and certainly I would like to carry the session after I clic "sumbit" button. How do I apply "encodeURL" in the ACTION tag ?
Joined: May 26, 2005
1. Because you use forward(request,response). The purpose in using encodeURL is in case cookies are not an option you have a fall back. The forward is communication between two servlets (or JSP, etc). The first servlet has already parsed the jsessionid and has it in the request object. When you use forward, you pass the request and response. So you are already passing all the info you need in the request object.
2. Go ahead. Knock yourself out. But I think you are burning extra processor cycles.
3. Same way. A JSP is a servlet. You have to put the code in the JSP though.