Any form input data will automatically be passed from one action to the next. If you have data elements you wish to pass that are not displayed on the form, you can pass them by putting them in hidden fields via the html:hidden tag.
There are a few restrictions to this method:
Only strings can be passed this way. If you have other data types you want to pass, you must be responsible to convert them to and from String
Don't pass confidential data this way, as it is visible to any user who knows how to use the browser's view source function
If these restrictions make hidden fields an unacceptable alternative, your best option is just to bite the bullet and use the HTTPSession.
I knew about the hidden fields trick, however, the data I need to pass is confidential. I was thinking about some scriptlet on the jsp page like, <% Type anObject = (Type) request.getattribute("some.data"); request.setattribute("some.data", anObject); %>
but it doesn't seem to work, any ideas why?
Joined: Feb 15, 2005
You're forgetting how the JSP life cycle works. Any code in the JSP including custom tags and scriptlets runs before the page is sent to the browser. By the time the user looks at the page and presses the submit button, we've now started a new request, and the request object that existed when the page was being composed no longer exists (or at least is out of scope).
That's why your code doesn't work. It only takes something out of the request object and puts the same object back in again, which does you no good since that request object is gone by the time the next action is called.
Your best option in this case is to use the HTTPSession object to store the state.
If you absolutely, positively cannot use the HTTPSession, then you might try encrypting the sensitive information before it goes into the hidden field and then having the receiving action decrypt it. [ March 26, 2008: Message edited by: Merrill Higginson ]