URL rewriting is another way to support anonymous session tracking. With URL rewriting, every local URL the user might click on is dynamically modified, or rewritten, to include extra information. The extra information can be in the form of extra path information, added parameters, or some custom, server-specific URL change. Due to the limited space available in rewriting a URL, the extra information is usually limited to a unique session ID. For example, the following URLs have been rewritten to pass the session ID 123:

http://server:port/servlet/Rewritten                 original
http://server:port/servlet/Rewritten/123             extra path information
http://server:port/servlet/Rewritten?sessionid=123   added parameter
http://server:port/servlet/Rewritten;$sessionid$123  custom change

Each rewriting technique has its advantages and disadvantages. Using extra path information works on all servers, and it works as a target for forms that use both the GET and POST methods. It doesn’t work well if a servlet has to use the extra path information as true path information, however. Using an added parameter works on all servers too, but it fails as a target for forms that use the POST method, and it can cause parameter naming collisions. Using a custom, server-specific change works under all conditions for servers that support the change. Unfortunately, it doesn’t work at all for servers that don’t support the change.

Example 7.2 shows a revised version of our shopping cart viewer that uses URL rewriting ...