© Copyright Marcus Green 2007

Objective 4) Cookies vs URL rewriting

4.4) Given a scenario, describe which session management mechanism the Web container could employ, how cookies might be used to manage sessions, how URL rewriting might be used to manage sessions, and write servlet code to perform URL rewriting.

Cookie based sessions

Cookies are the most commonly used technology for implementing sessions and were described in some detail in objective 1.3. Compared with URL encoding, they require less coding for the programmer and work with the vast majority of web browsers. Servlets support direct manipulation of cookies through the javax.servlet.http.Cookie class, but when implementing sessions all of the cookie manipulation is done “behind the scenes”, and from a programmer's perspective the session is managed through the abstraction of the HttpSession interface.

Using encodeURL

If a browser has cookies disabled, servlets are still able to maintain session state through the use of URL encoding. This involves appending a unique session id to the end of any URL.

URL rewriting only takes effect if cookies are unavailable and the URL has been encoded through the response.

To demonstrate this in action you will need to turn off cookie support in your browser. In Mozilla Firefox this is done through the Tools/Options/Cookies menu, and in MS Internet Explorer it is done through Tools/Internet Options/Privacy/Advanced: check the “Override automatic cookie handling” option and click both radio buttons marked “block”.

Add the following lines of code to the MyServlet code shown previously:

String url = response.encodeURL("MyServlet");
out.print(url);

Then request the page in your browser. You should see something like:

MyServlet;jsessionid=6AD095E84932FFD37E02CA74870CE71D

Note that the character between the servlet name and the jsessionid attribute is a semicolon, not a ?. The URL encoded version can be embedded in any links within a page to ensure that the session is maintained between pages. There is also a method called

encodeRedirectURL(String url);

which should be used if the resulting URL is going to be passed to the method

response.sendRedirect(String URL);

The following code shows how you can encode a URL within the doGet method of a servlet. Question: Would it make any difference if you remove the call to getSession()?

/**
 * @author Marcus Green
 * SCWCD objective 4.4
 * URL rewriting
 */
package com.examulator;

import java.io.*;
import java.net.*;

import javax.servlet.*;
import javax.servlet.http.*;

public class url_rewriteservlet extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            request.getSession();
            PrintWriter out = response.getWriter();
            String url = "www.examulator.com";
            url = response.encodeURL(url);
            out.print(url);
        } catch (IOException ioe) {
            /* do something such as logging */
        }
    }
}

The equivalent functionality within a JSP page is as follows.

<%
request.getSession();
String url = response.encodeURL("www.jchq.net");
out.print(url);
%>

The encodeURL method seems to take a close look at the details of the parameter passed to it; if you include the http:// part of the URL, it doesn't seem to recognise it as a valid parameter and does not perform the session rewriting.

Note that sessions based on URL rewriting will only work with dynamically generated pages. If you want session support for a static HTML page, you could of course run it through a servlet in such a way that any URLs are rewritten. The exam does not ask questions on how to do that.
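
The servlet below is an added example, not code from the original tutorial. It combines encodeURL for links written into the page with encodeRedirectURL for a URL passed to sendRedirect, and reports whether the session id arrived in a cookie or in the URL. The class name RewriteDemoServlet and the relative mapping RewriteDemo are assumptions.

```java
package com.examulator;

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Added example, not part of the original tutorial.
// Assumption: the servlet is mapped to the relative path "RewriteDemo" in web.xml.
public class RewriteDemoServlet extends HttpServlet {
    private static final String SELF = "RewriteDemo"; // assumed url-pattern

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Create (or rejoin) the session first, so there is an id to append.
        HttpSession session = request.getSession();

        if ("redirect".equals(request.getParameter("action"))) {
            // A URL handed to sendRedirect goes through encodeRedirectURL.
            response.sendRedirect(response.encodeRedirectURL(SELF));
            return;
        }

        // Per-session counter: it only keeps rising if the session is maintained.
        Integer visits = (Integer) session.getAttribute("visits");
        visits = (visits == null) ? 1 : visits + 1;
        session.setAttribute("visits", visits);

        // URLs embedded in the page go through encodeURL. They are returned
        // unchanged when the container is tracking the session with a cookie.
        String link = response.encodeURL(SELF);
        String viaRedirect = response.encodeURL(SELF + "?action=redirect");

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("<html><body>");
        out.println("<p>Visits in this session: " + visits + "</p>");
        out.println("<p>Id from cookie: " + request.isRequestedSessionIdFromCookie() + "</p>");
        out.println("<p>Id from URL: " + request.isRequestedSessionIdFromURL() + "</p>");
        out.println("<a href=\"" + link + "\">Reload via link</a><br>");
        out.println("<a href=\"" + viaRedirect + "\">Reload via redirect</a>");
        out.println("</body></html>");
    }
}
```

Load it with cookies blocked: both links carry ;jsessionid=, placed before the ? of the query string, and the visit count keeps increasing across the link and the redirect.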


Other sources

Marty Hall on session tracking
http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/Servlet-Tutorial-Session-Tracking.html

URL rewriting by Kiran Pai
http://www.developertutorials.com/tutorials/java/implement-session-tracking-050611/page5.html

Servlet best practice from O'Reilly
http://www.onjava.com/pub/a/onjava/excerpt/jebp_3/index1.html?page=4

According to Mikalai Zaikin
http://java.boot.by/wcd-guide/ch04s04.html