190 likes | 399 Vues
URL Rewriting. 184.108.40.206. Unit objectives. After completing this unit, you should be able to: Describe what URL rewriting is used for Describe the use of URL rewriting for client data (session related client data) Explain when to use URL rewriting. URL Rewriting (1 of 2).
E N D
URL Rewriting 220.127.116.11
Unit objectives After completing this unit, you should be able to: • Describe what URL rewriting is used for • Describe the use of URL rewriting for client data (session related client data) • Explain when to use URL rewriting
URL Rewriting (1 of 2) • Always available option of session tracking • May be used by the server to establish tracking session data where a client does not accept a cookie • Involves adding data to the URL path that can be interpreted by the server on the next request to associate the request with a session
URL Rewriting (2 of 2) • URL encoding for session ID passing • Requires the developer to: • Use special encoding APIs • Set up the site page flow to avoid losing the encoded information • Limits the flow of site pages exclusively to dynamically generated pages (such as pages generated by servlets or JSP pages) • Works by actually storing the session identifier in the page returned to the user
Servlet Code • If the servlet returns HTML directly to the requester (without using a JSP page), the servlet calls the encodeURL() method to encode the session ID • This method associates a session ID with a URL out.println("<a href=\""); out.println(response.encodeURL ("/store/catalog")); out.println("\">catalog</a>"); • Even pages using redirection (a common practice with servlet-JSP combinations) must encode the session ID as part of the redirect: response.sendRedirect(response.encodeRedirectURL( "http://myhost/store/catalog"));
JSP Code • When JSP pages use URL encoding, the JSP page calls the encodeURL() and encodeRedirectURL() methods to encode the session ID: response.sendRedirect(response.encodeRedirectURL( "http://myhost/store/catalog"));
URL Rewriting and Cookies • If the user clicks a link with a rewritten URL: • The web container recognizes and extracts the session ID • The getSession() method uses the session ID to get the user's HttpSession object • If the user's browser does not support cookies and the user clicks an unrewritten URL: • The user's session is lost • You should consistently use URL rewriting if your servlet is to support clients that do not support or accept cookies
Checkpoint • What is URL rewriting? • When would you use URL rewriting instead of cookies? • What is the danger if the user's browser does not support cookies and the user clicks an URL that has not been rewritten?
Checkpoint solutions • It is a technique for maintaining the session ID across browser interactions. Essentially, the session ID is sent as part of the URL sent to the server. • If it is essential to your application that a session be maintained, you need to use URL rewriting. Otherwise, the client could disable cookies on his or her browser, and you would lose the session ID, and hence the session. • In this case, the URL sent back to the server would not contain the session ID, and there would be no cookie containing the ID either. The session would then be lost.
Unit summary Having completed this unit, you should be able to: • Use URL rewriting to pass the session ID • Determine when URL rewriting is appropriate