1 / 10

URL Rewriting

URL Rewriting. 4.1.0.3. Unit objectives. After completing this unit, you should be able to: Describe what URL rewriting is used for Describe the use of URL rewriting for client data (session related client data) Explain when to use URL rewriting. URL Rewriting (1 of 2).

cedric
Download Presentation

URL Rewriting

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. URL Rewriting 4.1.0.3

  2. Unit objectives After completing this unit, you should be able to: • Describe what URL rewriting is used for • Describe the use of URL rewriting for client data (session related client data) • Explain when to use URL rewriting

  3. URL Rewriting (1 of 2) • Always available option of session tracking • May be used by the server to establish tracking session data where a client does not accept a cookie • Involves adding data to the URL path that can be interpreted by the server on the next request to associate the request with a session

  4. URL Rewriting (2 of 2) • URL encoding for session ID passing • Requires the developer to: • Use special encoding APIs • Set up the site page flow to avoid losing the encoded information • Limits the flow of site pages exclusively to dynamically generated pages (such as pages generated by servlets or JSP pages) • Works by actually storing the session identifier in the page returned to the user

  5. Servlet Code • If the servlet returns HTML directly to the requester (without using a JSP page), the servlet calls the encodeURL() method to encode the session ID • This method associates a session ID with a URL out.println("<a href=\""); out.println(response.encodeURL ("/store/catalog")); out.println("\">catalog</a>"); • Even pages using redirection (a common practice with servlet-JSP combinations) must encode the session ID as part of the redirect: response.sendRedirect(response.encodeRedirectURL( "http://myhost/store/catalog"));

  6. JSP Code • When JSP pages use URL encoding, the JSP page calls the encodeURL() and encodeRedirectURL() methods to encode the session ID: response.sendRedirect(response.encodeRedirectURL( "http://myhost/store/catalog"));

  7. URL Rewriting and Cookies • If the user clicks a link with a rewritten URL: • The web container recognizes and extracts the session ID • The getSession() method uses the session ID to get the user's HttpSession object • If the user's browser does not support cookies and the user clicks an unrewritten URL: • The user's session is lost • You should consistently use URL rewriting if your servlet is to support clients that do not support or accept cookies

  8. Checkpoint • What is URL rewriting? • When would you use URL rewriting instead of cookies? • What is the danger if the user's browser does not support cookies and the user clicks an URL that has not been rewritten?

  9. Checkpoint solutions • It is a technique for maintaining the session ID across browser interactions. Essentially, the session ID is sent as part of the URL sent to the server. • If it is essential to your application that a session be maintained, you need to use URL rewriting. Otherwise, the client could disable cookies on his or her browser, and you would lose the session ID, and hence the session. • In this case, the URL sent back to the server would not contain the session ID, and there would be no cookie containing the ID either. The session would then be lost.

  10. Unit summary Having completed this unit, you should be able to: • Use URL rewriting to pass the session ID • Determine when URL rewriting is appropriate

More Related