• Post Reply Bookmark Topic Watch Topic
  • New Topic

theoretical question about sessions..

 
Ilja Smoli
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi there,
I guess it will be newbie question
Often I see sites where after logging in, URL looks like "https://servername.com/itbmain;jsessionid=aaa-9SrjakUS3U?rnd=0.999548348108529" or smth. like that.
So I wondered why to put sessionid in URL, what advantages of this tehnique(if this is a right question).
thx in advance..
 
Jessica Sant
Sheriff
Posts: 4313
Android IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
by default, session information is stored on a cookie in the client's browser.
But what if the client has turned off cookies?!?! You won't be able to track session information, and the user would get REALLY upset that everytime they put a book in their shopping cart, it fell right out the bottom.
SO..... the smart people over at Sun came up with this method called -HttpServletResponse.encodeURL(). Basically it'll figure out if the client accepts cookies or not -- and if they do not -- it'll automagically add the ;jsessionid=234523667 onto the end of the URL -- so that session information can successfully be tracked and that hole in the bottom of your shopping cart gets fixed
 
Ilja Smoli
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, as i understand i have to write all links within site like

or?
 
Peter den Haan
author
Ranch Hand
Posts: 3252
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You'd never do that -- you'd use custom tags, such as JSTL <c:url> or Struts' <html:link>.
- Peter
 
Asher Tarnopolski
Ranch Hand
Posts: 260
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
peter - response.encodeURL is a good solution,
and it's pure jsp. so, why shouldn't we use it?
:roll:
 
Peter den Haan
author
Ranch Hand
Posts: 3252
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Scriptlets! Scriptlets are the bane of JSP maintenance. They are evil, and as of JSP 2.0 there will be no excuse anymore to use them.
Your encodeURL() call looks innocent enough. But sooner or later you'll want to add a bunch of parameters, or do something else that isn't quite straightforward. Things will go downhill from there.
- Peter
 
Ilja Smoli
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Peter, could u provide plz some good links about ur way?
And u mean we should use servlets instead of scriptlets?
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!