FWIW the JSDK 2.2 spec explicitly specifies the parameter and means of encoding the
session ID in URLs. I think it would be very helpful to have an additional helper
method on the response object to encodeHiddenSessionField().
As it stands with current products you have to know the parameter name of the
session so you can output the appropriate field, like:
<INPUT TYPE=HIDDEN NAME="jrunsessionid" VALUE="<%= session.getId() %>">
In my experience you can use response.encodeURL() as the action with a form of
type METHOD=POST (if the web server and servlet container correctly parse both the
query string and post body), but the encoded session ID is overwritten on
METHOD=GET by the browser, giving the servlet programmer no reliable way of
maintaining session without adding a hidden field.
Eduardo/Sun team, any thoughts?
Wes
David Wall wrote:
> > * In a form :
> > <% String newURL=response.encodeUrl("page.jsp"); %>
> > <FORM METHOD=POST ACTION=<%=newURL%> >
>
> Good questions,
>
> Since form POSTs don't use parameters in the URL, it seems like there would
> be a problem. The session id for URL rewriting would need to be implemented
> as a hidden input field or the like, but that means hard-coding the name of
> the parameter used for session ids, and where do you get the value from?
>
> David
>
> ===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> FAQs on JSP can be found at:
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
