• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

URL-Rewriting, Bullet Proof way?

 
Herbert Maosa
Ranch Hand
Posts: 289
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Since we dont know whether our application is going to be accessed by a client that supports cookies, or whether the user has cookies turned off or not... why would it ever be sensible to use session tracking and/or cookes for client state information in an e-commerce app. Does it not follow that URL Re-writing should always be used???
Herbert.
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, the specs state that you if you are using cookies for session management, you should always encode your URL. Meaning if the client has cookies turned off, encodeURL will encode the JSessionID, otherwise it will leave it alone.
Something along those lines, it is in the Specs, I just don't remember the specific page
Mark
 
Madhav Lakkapragada
Ranch Hand
Posts: 5040
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
encodeURL will encode the JSessionID,
Actually, that would be jsessionid.
An important difference between cookies and URL-Rewritting.
it is in the Specs, I just don't remember the specific page
Chapter 7. SRV.7.1.1 and SRV.7.1.3.
Does it not follow that URL Re-writing should always be used?
Probably, but a vast majority of web users are in this age aware of cookies and am sure know how to accept cookies. Hence, it would be more reasonalble to first try cookies then fallback on the URL-rewritting for the few cases that don't use cookies. URL-Rewritting is more development effort than cookies.
regds.
- satya
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic