Damian Fauth wrote:

> "Craig R. McClanahan" wrote:
> >
> > That is not the case.  What you should do when you are creating your form is
> > something like this:
> >
> >     <form action="<%= response.encodeURL("destination-URL") %>" method="POST">
> >
> > to ensure that the URL to which you are submitting the form is encoded if it
> > needs to be.
>
> Is this correct? Is it now portable across servlet engines to mix
> QueryString and POST'ed form parameters?
>

This has been the standard, portable, approach documented by the servlet API since
session management was added in version 2.0 (at least a couple years ago).

>
> From memory there was some issue regarding which of these parameters
> took precedence (or indeed even if they could be merged) in earlier
> versions of the servlet API - or has this been cleared up in 2.2?
>

You cannot assume that session ids are passed as query parameters even in
earlier-than-2.2 servlet engines.  Apache JServ happened to do it that way, but
other engines (like JWS) certainly did not.

The 2.2 spec clarifies the way encoding must be done for 2.2+ engines.  In
particular, if you are using URL rewriting, the session id must be encoded as a path
parameter named "jsessionid", not a query parameter.  For example:

    http://www.mycompany.com/myservlet;jsessionid=1234?param1=value1&param2=value2

If you use the portable version (encodeURL, as above), you will have zero problems
with this when your servlet engine vendor switches to the new standard, or when you
switch to a different servlet engine.  Otherwise, you're quite likely to have lots
of grief.

By the way, the issue of parameter precedence on POST requests was also cleared up
(query parameters from the request URL show up first, followed by ones from the
form) -- but that is no longer an issue for session id management because query
parameters may no longer be used for this.

>
> Damian
>

Craig
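
The URL layout and parameter ordering described in the message above, shown as an added example that is not part of the original post or of any servlet engine's code. The class and method names (`RewrittenUrl`, `addAll`) are hypothetical and the POST body is constructed sample input; it separates the `jsessionid` path parameter from the query string and then appends form parameters after the query parameters.

```java
import java.util.*;

// Added example with hypothetical names; not servlet-engine code.
public class RewrittenUrl {
    final String path;       // URL with the session path parameter removed
    final String sessionId;  // value of ;jsessionid=..., or null if absent
    final Map<String, List<String>> params = new LinkedHashMap<>();

    RewrittenUrl(String url) {
        int q = url.indexOf('?');
        String beforeQuery = q < 0 ? url : url.substring(0, q);
        // The session id is a path parameter: it sits before the '?'.
        String marker = ";jsessionid=";
        int s = beforeQuery.indexOf(marker);
        if (s < 0) {
            path = beforeQuery;
            sessionId = null;
        } else {
            String rest = beforeQuery.substring(s + marker.length());
            int end = rest.indexOf(';');
            sessionId = end < 0 ? rest : rest.substring(0, end);
            path = beforeQuery.substring(0, s);
        }
        if (q >= 0) addAll(url.substring(q + 1));  // query parameters go first
    }

    // Append name=value pairs after any values already stored for that name.
    // Values are kept percent-encoded; decoding is left out of this example.
    void addAll(String encoded) {
        for (String pair : encoded.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.computeIfAbsent(name, k -> new ArrayList<>()).add(value);
        }
    }

    public static void main(String[] args) {
        RewrittenUrl u = new RewrittenUrl(
            "http://www.mycompany.com/myservlet;jsessionid=1234?param1=value1&param2=value2");
        // Constructed POST body; a form field named "jsessionid" is an
        // ordinary parameter and never replaces the path parameter.
        u.addAll("param1=fromForm&jsessionid=9999");
        System.out.println("path      = " + u.path);
        System.out.println("sessionId = " + u.sessionId);
        System.out.println("params    = " + u.params);
    }
}
```

For `param1` the query-string value is listed before the form value, and the session id stays the one taken from the path parameter.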
