®

IBM Software Group

© 2007 IBM Corporation

URL Rewriting

4.1.0.3

2

After completing this unit, you should be able to: Describe what URL rewriting is used for Describe the use of URL rewriting for client data (session

related client data) Explain when to use URL rewriting

After completing this unit, you should be able to: Describe what URL rewriting is used for Describe the use of URL rewriting for client data (session

related client data) Explain when to use URL rewriting

Unit objectives

3

URL Rewriting (1 of 2) Always available option of session tracking May be used by the server to establish tracking session data

where a client does not accept a cookie Involves adding data to the URL path that can be interpreted

by the server on the next request to associate the request with a session

4

URL Rewriting (2 of 2) URL encoding for session ID passing

Requires the developer to: Use special encoding APIs Set up the site page flow to avoid losing the encoded information

Limits the flow of site pages exclusively to dynamically generated pages (such as pages generated by servlets or JSP pages)

Works by actually storing the session identifier in the page returned to the user

5

Servlet Code If the servlet returns HTML directly to the requester (without

using a JSP page), the servlet calls the encodeURL() method to encode the session IDThis method associates a session ID with a URL

out.println("<a href=\"");

out.println(response.encodeURL ("/store/catalog"));

out.println("\">catalog</a>");

Even pages using redirection (a common practice with servlet-JSP combinations) must encode the session ID as part of the redirect:

response.sendRedirect(response.encodeRedirectURL(

"http://myhost/store/catalog"));

6

JSP Code When JSP pages use URL encoding, the JSP page calls the encodeURL() and encodeRedirectURL() methods to encode the session ID:

response.sendRedirect(response.encodeRedirectURL("http://myhost/store/catalog"));

7

URL Rewriting and Cookies If the user clicks a link with a rewritten URL:

The web container recognizes and extracts the session ID The getSession() method uses the session ID to get the user's HttpSession object

If the user's browser does not support cookies and the user clicks an unrewritten URL:The user's session is lost

You should consistently use URL rewriting if your servlet is to support clients that do not support or accept cookies

8

Checkpoint

1. What is URL rewriting?2. When would you use URL rewriting instead of cookies?3. What is the danger if the user's browser does not support

cookies and the user clicks an URL that has not been rewritten?

9

Checkpoint solutions

1. It is a technique for maintaining the session ID across browser interactions. Essentially, the session ID is sent as part of the URL sent to the server.

2. If it is essential to your application that a session be maintained, you need to use URL rewriting. Otherwise, the client could disable cookies on his or her browser, and you would lose the session ID, and hence the session.

3. In this case, the URL sent back to the server would not contain the session ID, and there would be no cookie containing the ID either. The session would then be lost.

10

Having completed this unit, you should be able to: Use URL rewriting to pass the session ID Determine when URL rewriting is appropriate

Having completed this unit, you should be able to: Use URL rewriting to pass the session ID Determine when URL rewriting is appropriate

Unit summary