I am using a employee list page, from there I need to pass the employee id using html:link to a view page. Can any one help me how to hide the id passed in query string. When I use <html:link tag the id gets visible in the URL. I am not able to use <html:hidden as I dont have a html:form in my list page.
But I dont have a form as it is a list page. I am using logic:iterate to get all employee list. When I click view button, I have to pass the id of that employee which should not be visible in the URL as there are chances of other users apart from administrator to get in to the page. Can you help me what to do here?
Like what <html:hidden does. I need some equivalent to <html:hidden for non form pages. [ November 23, 2007: Message edited by: Ananth Chellathurai ]
Joined: Feb 15, 2005
You can't hide parameters in the query string, but you can encrypt them. You could simply encrypt the ID in the JSP and then unencrypt it in the Action Class. Below is a link to an open source project designed to encrypt query string parameters.
First, I wanted to point out that hidden field are not secure. Anybody with a few brain cells can install a browser plug-in that will let them change hidden fields. With that said it seems like it would be pretty easy to add a form to your page. The onclick of the link could set the value of a hidden field and submit the form.
The link that Merrill gave is interesting. I recall seeing another project that did similar things.