• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

more questions about session and encodeURL()

 
Ranch Hand
Posts: 116
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
After realizing session is a powerful tool and that there is a encodeURL(), I just come up with more questions ---

1. it seems "jsessionid" is normally stored in a cookie on the client side. so if a browser does NOT support cookie, then using encodeURL() is a must do. In other words, since we (the server side programmer) has no control over client side, we better ALWAYS use encodeURL(), does this make sense ?

2. instead of using encodeURL(), what if I simply do

String newURL = "/nextURL;jsessionid=" + session.getId();
RequestDispatcher rd = getServletContext().getRequestDispatcher(newURL);

3. if i use encodeURL, is following the right way to code ---

String newURL = res.encodeURL(oldURL);
RequestDispatcher rd = getServletContext().getRequestDispatcher(newURL);
rd.forward(req, res);

4. if I "forward()" to a JSP instead of servlet, do I still need to use "encodeURL" ?
 
Ranch Hand
Posts: 107
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
1.

we better ALWAYS use encodeURL(), does this make sense ?


Yes

2.

instead of using encodeURL(), what if I simply do
String newURL = "/nextURL;jsessionid=" + session.getId();
RequestDispatcher rd = getServletContext().getRequestDispatcher(newURL);


Isn't it easier to simply use encodeURL()?

3.

String newURL = res.encodeURL(oldURL);
RequestDispatcher rd = getServletContext().getRequestDispatcher(newURL);
rd.forward(req, res);


This looks good. Here is an alternative:


4.

if I "forward()" to a JSP instead of servlet, do I still need to use "encodeURL" ?


No. When you forward you are sending the current request/response objects.
 
Frank Sikuluzu
Ranch Hand
Posts: 116
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
please bear with me for few more questions ---

1. why don't I need to do "encodeURL" if it is "forward(req, res)" to a JSP page ? is it because I use "forward" or because it is to a JSP or servlet ?
Since I need to use "req.getSession" to get the HttpSession I feel I still need to do encodeURL in this case. Please help me clarify.

2. What if I , for safety reason, just use "encodeURL" anyway when I do "forward()", does it cause any extra harm ?

3. if it is a JSP page and there is a FORM

<FORM ACTION="/servlet/MyServlet"..>

And there is a session involved in this JSP page and certainly I would like to carry the session after I clic "sumbit" button. How do I apply "encodeURL" in the ACTION tag ?
 
Rusty Enisin
Ranch Hand
Posts: 107
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
1. Because you use forward(request,response). The purpose in using encodeURL is in case cookies are not an option you have a fall back. The forward is communication between two servlets (or JSP, etc). The first servlet has already parsed the jsessionid and has it in the request object. When you use forward, you pass the request and response. So you are already passing all the info you need in the request object.

2. Go ahead. Knock yourself out. But I think you are burning extra processor cycles.

3. Same way. A JSP is a servlet. You have to put the code in the JSP though.

 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic