Show TOC Start of Content Area

Background documentation URL Rewriting as an Alternative to Cookies  Locate the document in its SAP Library structure

We recommend that you develop your servlets in order to perform session tracking using URL rewriting. By default, session tracking on the AS Java is performed using cookies. However, in cases where the client browser does not accept cookies, you must use URL rewriting. Use this mechanism also in the following cases:

      For HTML links from your pages;

      For redirect URLs.

Note

URL rewriting is always used when the first request from the client arrives. This guarantees that the client receives the session information even if it does not accept cookies.

To perform URL rewriting, use the encodeURL() method of the HttpServletResponse object.

Example

Rewrite the URL to return to a browser:

out.println("<a href=\"");

out.println(response.encodeURL ("/store/catalog"));

out.println("\">catalog</a>");

Do not write the URL directly to the output stream:

out.println("<a href=\"/store/catalog\">catalog<a>");

You can perform a check whether a session has been retrieved from a cookie using the isRequestedSessionFromCookie() method of HttpServletRequest object.

The AS Java’s Web Container provides an extension to the standard encodeURL(String url), encodeUrl(String s), encodeRedirectUrl(String location) and encodeRedirectURL(String location) methods. That is, if the forceEncoding: string is present at the very beginning of the request URL, it will encode the session information to the URL even if the request contained a session cookie.

Using URL Rewriting Only

You can perform session tracking in your application using URL rewriting only. You configure this behavior by adding the <url-session-tracking/> tag in the additional web deployment descriptor (web-j2ee-engine.xml) of your application.

Moe information about the web-j2ee-engine.xml’s schema: web-j2ee-engine.xsd.

This case is applicable for Wireless Application Protocol (WAP) applications, for example. Since WAP protocol does not support cookies, the only way to identify a client is by transferring session information as part of the request URL. Be aware that most WAP devices have limit of the length of the URL they can transmit.

It is also applicable for multiframed pages, for example, for which different frames are related to accessing different sessions.

 

 

End of Content Area