Esti Vanderkelen wrote:
when is it correct to pass data via an actionform, when via request parameters and when via session parameters?
There's no rule that dictates that. In general, I don't put anything on the page that isn't displayed to the user except perhaps a unique identifier for whatever is being edited (i.e. a database ID). I reserve session data for information that will not be edited, but will be referred to throughout the user's visit, for example, the user's name so we can display it in the header or a corporate affiliation so we can display a logo to customize the site.
That said, I can come up with exceptions to all those rules.
If you are thinking about changing the old code, don't. If it works, tinkering with it will probably break something because you don't know all the developer's assumptions. As I mentioned before, the far more glaring problem is that this application uses Struts 1.3.x, which is unsupported and has known issues.
If you are asking about the best practices for working with a modern framework, I would recommend consulting the documentation and tutorials for that framework.