Enable URL Rewriting
Session tracking is necessary for any application that depends on information submitted through multiple requests. While a session ID cookie is usually sufficient for the web container to manage session tracking, it’s not guaranteed to work for all clients; some users disable cookie support in their browsers, and cookie support is not a given in browsers for small devices, such as a WML browser.
To handle cookie-less session tracking, web containers provide URL rewriting as a backup mechanism. URL rewriting works by embedding the session ID in all URLs in the generated response, ensuring that the session ID is returned to the container when the user clicks a link or submits a form embedded in the response.
URL rewriting requires the page author to encode all URLs pointing
back to the web application. It’s easy to do with
the JSTL
<c:url>
action:
<a href="<c:url value="details.do?id=${prod.id}"/>">
<c:out value="${prod.name}"/></a>Even for an application in which you can make demands on the browsers being used (e.g., an intranet application), it’s a good idea to do this up front to prepare for the day when you no longer have this control.
Get Java Enterprise Best Practices now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
