To overwrite a trace session with a URL

In some cases, if you cannot use a cookie to track a user's session, you must use URL rewriting to track the session. Applications that use URLs to override trace sessions must follow certain programming guidelines. Application developers need to:

Programming a session applet to encode a URL to provide a small service program or JSP file as an entry point for an application avoid programming the session applet to encode URLs in the application using normal HTML files

Depending on whether the small service program returns URLs to the browser or redirects them, include Encodeurl () or Encoderedirecturl () in the applet code. Here is an example demo that you are currently putting in the small Service program code. rewrite the URL to return to the browser

Suppose you currently have a statement:

Change the small service program to invoke the Encodeurl method before sending the URL to the output stream.

overriding URLs to redirect

Suppose you currently have the following statement:

Change the small service program to invoke the Encoderedirecturl method before sending the URL to the output stream.

The Encodeurl () and Encoderedirecturl () methods are part of the HttpServletResponse object. These calls will check to see if URL rewriting is configured before the URL is encoded. If not configured, the original URL is returned.

If cookies and URL overrides are enabled, and Response.encodeurl () or Encoderedirecturl () is invoked, the URL is encoded even if the browser that makes the HTTP request processes the session cookie.

You can also configure session support to enable protocol switch rewriting. When this option is enabled, the product uses session identities to encode URLs to be transferred between HTTP and HTTPS protocols. For more information, see related information. provides a small service program or JSP file as an entry point

The application's entry points, such as those displayed by the splash screen, may not require a session to be used. However, if the application typically requires session support after the session is created (which means that some parts of it, such as a small service program, require session support), all URLs must be encoded so that the session identity is persisted by a small service program (or other application component) that requires the session's support.

The following example shows how to embed Java code in a JSP file:

avoid using normal HTML files in your application

Note, use URL overrides to maintain session state, and do not link to portions of your application from normal HTML files (files with an. html or. htm extension).

This restriction is required because URL encoding cannot be used in normal HTML files. In order to maintain state by using URL rewriting, every page that a user requests during that session must have code that the Java interpreter understands.

If the user may have access to an application (or WEB application) or a partial site that contains such plain HTML files during a session, convert them to a JSP file.

This affects the application writer, because, as described above, the maintenance session with URL overrides requires that each small service in the application must use URL encoding for each HREF attribute on the tag.

If one or more small service programs in the application do not call the Encodeurl (string url) or Encoderedirecturl (string url) method, the session is lost.

Attachment: Two methods of Javax.servlet.http.HttpServletResponse

Encoderedirecturl

Encodes the specified URL used by the Sendredirect method. If no encoding is required, return the URL directly. This additional encoding method is provided because, in the case of redirect, the rules and general circumstances that determine whether to encode the URL are different. The URL given must be an absolute URL. A relative URL cannot be received, and a illegalargumentexception is thrown.

All URLs provided to the Sendredirect method should be run in this way in order to ensure that session tracking works correctly in all browsers.

Encodeurl

Encodes the URL that contains the session ID. If no encoding is required, return the URL directly. The servlet engine must provide a URL encoding method because in some cases we will have to rewrite the URL, for example, to include a valid session in response to the request, but this session cannot be maintained by means other than URLs (such as cookies).

All URLs provided to the servlet should be run this way to ensure that session tracking works correctly in all browsers.