Simple answer - yes, you'll need to encode the URL, because if you don't you'll lose track of the session.
I'm not sure in what form you're producing the html form - i.e. whether from a servlet or a jsp. If you're generating from a servlet, then yes encodeUrl would be appropriate. If on the other hand you're using a jsp, you could use the url tag from the core library which takes care of URL rewriting automatically:
then write out the url on the action with:
[ August 03, 2006: Message edited by: Daniel Dalton ]