I know that the sun link does not authenticate your current client session.
I know that because I wanted to download the JDK for linux.
I wanted to download it directly to the server but they have that stupid web page based download.
I got the whole url, ssh'd into my server and used wget to download it in 3 minutes rather than in an hour on my dsl connection and then have to send it to my server.
I think someone in sun just wanted to create something fancy regardless of what the customers wanted just so he/she could put it on their cv.
I hate these long urls, they wrap right arround a ssh session and are very unfriendly for people working with consoles.
--b
Daniel Perry wrote:
I dont think there is any information out there of the type you're requesting (it's not really a 'pattern').
Long URLs are long because there is a lot of information to transfer.
The big long codes given in urls are often are often hashes (eg session id!). These are made long so that it's hard to randomly enter a code and guess a correct one.
There's no reason to use long urls unless you have a reason! There are often security reasons (eg hashes/tokens), where you dont want people to be able to fiddle with the link. take a bank for example - you dont want to encourace hacking by putting: viewtransaction.do?transactionId=18374 (of course i'm assuming that any actions such as these would check that you own the transaction using session info!!!) instead do somthing like viewtransaction.do?massive_code_here and it instantly puts people off changing stuff.
As for suns example, i think sun counts you downloading stuff like J2EE SDK as 'purchasing' it. I think part of the reason for that link is to try and stop anyone from downloading the file and "stealing" it!
Also bear in mind that places such as sun, amazon, etc have massive sites, with many servers and an immense amount of information. They need to be able to track you, accross the site. Some sites try and do this using big codes that only the server understands, others tend to use nested directories, eg: http://news.bbc.co.uk/1/hi/world/middle_east/3845517.stm
Daniel.
-----Original Message----- From: Robert Taylor [mailto:[EMAIL PROTECTED] Sent: 28 June 2004 14:51 To: [EMAIL PROTECTED] Subject: [OT] Anatomy of a long URL
I'm not sure the subject of this email is indicative of my question, but I have always wondered why amazon, sun, and some financial institutions, use long URL's for invoking actions. My only guess, since I've only worked at small companies where all the applications pretty much run on one machine, is that the URL contains either encoded/sensitive information or contains session information. I'm just wondering why the heck does it look so darn complex.
For example, I just downloaded Sun's J2EE 1.4 SDK
http://192.18.97.53/ECom/EComTicketServlet/BEGINjsecom16c.sun.com-
9660%3A40e01d9a%3A3099733a3e651ac9/-2147483648/428874567/1/483962/ 483914/428874567/2ts+/westCoastFSEND/j2eesdk-1.4_01-oth-JPR/j2eesdk-1.4_01-o th-JPR:1/j2eesdk-1_4_01-windows.exe
after the "/-" then there appears to be some random numbers delimited by forward slashes. Is this some technique for sharing sessions across different applications?
My apologies if this is one of those things that "everone" know's about except me. I really wasnn't sure how to google on this topic either, so if there is some general documentation I missed, please point me to it.
robert
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
