Albert Wong wrote:
> Hi
>
> How is a session maintained under the following scenario:
>
> Client:
> Disables cookies.
>
> Server:
> Servlet creates a session, uses RequestDispatcher.forward to forward the
> request to a JSP. The JSP creates and sends back an html form
> which submits to another servlet.
>
> At this point since no url rewriting occured and cookies are disabled, how
> is session state maintained?
>
Without cookies, it's not maintained in this scenario, unless your JSP page used
encodeURL() as it is supposed to. For example, you could write the following sorts
of things in your JSP page:
<a href="<%= response.encodeURL("the_next_url") %>">The next link</a>
>
> I know that every url on an HTML page should be encoded but in this case
> the programmer did not explicitly encode anything. Is this done
> automatically
> by the servlet engine?
>
Encoding is not done automatically by the servlet engine (although some platforms
may offer this as a feature, it's not portable). The best way to think about it is
that the servlet engine doesn't understand what it's sending -- it is just copying
streams of characters or bytes. In particular, there's no guarantee that a
response is HTML text, so there's no guarantee that it could recognize a hyperlink
that needed encoding from one that didn't, even if you wanted it to. (To say
nothing of the fact that you can use JavaScript to dynamically generate hyperlinks
at the client end ...)
>
> Thanks
> Albert
>
Craig McClanahan
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
