hi Hendrik,
thanx for the reply
but the problem now is that i don't know what to do with the id of the
session
since the interface HttpSessionContext is deprecated
so..i have to go back and forth from JSP to servlet.. and store all the
session (with relative ids) in an Hashtable in the Servlet
do u have any other possible solutions??
thanx in advance & regards
marco
> -----Original Message-----
> From: EXT Hendrik Schreiber [mailto:[EMAIL PROTECTED]]
> Sent: 16. August 2000 11:59
> To: [EMAIL PROTECTED]
> Subject: Re: url rewriting for sessions
>
>
> Hi!
>
> URL rewriting means that a URL in a page, that your JSP or
> servlets produces, is
> encoded with the method response.encodeURL(String yourURL).
>
> So in a JSP instead of writing:
> <a href="someURL">target</a>
>
> you should write:
> <a href="<%=response.encodeURL("someURL")%>">target</a>
>
> pretty much the same applies to servlets.
>
> And that is exactly the limitation: you have to rewrite every
> single URL you
> produce!
> The session id is sent back from the client to the server by
> clicking on the
> encoded link.
> Contrary to Cookies, URL rewriting does not make use of headers.
>
> If you want to make sure everybody out there shall be able to
> use your application,
> use URL rewriting where necessary (see
> request.isRequestedSessionIdFromURL() and
> request.isRequestedSessionIdFromCookie()).
>
> If you don't want to go through the hassle, just use cookies
> and tell you users to
> accept them. IMHO they are absolutely no scurity risk.
>
> -hendrik
> - - - - - - - - - - - - - - - - - - - - - - - - - - -
> tagtraum industries http://www.tagtraum.com/
> jo! small&smart 2.2 servletengine
> Java Server & Servlets The web-application book
> The WebApp Framework http://www.webapp.de/
>
>
>
> Joe Hanink wrote:
>
> > Questions about URL Rewriting:
> >
> > what exactly is this and how is it done?
> > what does the server do, and what is programmed?
> >
> > i've read that sessions tied to cookies can fail due to client side
> > settings. url-rewriting was indicated as the workaround.
> >
> > do you build an adapted url or is it automated by some setting?
> > does the client app pass its session id with every request,
> via some header?
> >
> > finally, what are the limitations of url-rewriting... that
> is, what are the
> > failure modes (e.g. user clicks back button?)
> >
> >
> ==============================================================
> =============
> > To unsubscribe: mailto [EMAIL PROTECTED] with body:
> "signoff JSP-INTEREST".
> > Some relevant FAQs on JSP/Servlets can be found at:
> >
> > http://java.sun.com/products/jsp/faq.html
> > http://www.esperanto.org.nz/jsp/jspfaq.html
> > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>
> ==============================================================
> =============
> To unsubscribe: mailto [EMAIL PROTECTED] with body:
> "signoff JSP-INTEREST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
