Use URL to override tracking sessions

xiaoxiao2021-03-06  185

In some cases, if you cannot use a cookie to track the recorded user session, you must use the URL to overrink to track the session. Applications with URL to overwrite tracking sessions must follow certain programming guidelines. Application developers need:

Programming the Session Small Sergem with the URL to provide a small service program or JSP file as an entry point of the application to avoid using ordinary HTML files in the application.

Program the session small service program to encode URL

Depending on the small service program, returning the URL to the browser or redirects them, including EncodeURL () or EncodeRectURL () in the small service program code. Here is the example demonstration you are currently placed in the small service program code.

Rewrite the URL to return to the browser

Suppose you present statement:

Out.println ("Catalog");

Change the small service program to call the EncodeURL method before sending the URL to the output stream.

Out.println ("

Rewrite the URL to redirect

Suppose you have the following statements:

Response.sendredirect ("http:// myhost / store / catalog");

Change the small service program to call the EncoderedirectURL method before sending the URL to the output stream.

Response.sendredirect (Response.EncoderedInderctURL ("http: // myhost / store / catalog");

EncodeURL () and encoderedirectURL () methods are part of the HTTPSERVLETRESPONSE object. These calls will check if the URL rewrite is configured before encoding the URL. If not configured, return the original URL.

If Cookie and URL rewriting are enabled, response.EncodeURL () or eNCodeRedirectURL () or EncodeRedirectURL () is called, and the URL will be encoded even if the browser for HTTP requests is handled.

You can also configure session support to enable protocol switch to write. This option is enabled, which will use the session ID to encode the URL to transfer in HTTP and HTTPS protocols. To get more information, see related information.

Provide small service programs or JSP files as entry points

The application's entry point (as shown in the initial screen) may not need to use a session. However, if the application typically requires session support after session (this means that some of its parts (such as a small service program) requires session support), all URLs must be encoded to make small sessions support Server (or other application components) permanently reserved the session ID.

The following example shows how to embed Java code in the JSP file:

<%

Response.encodeurl ("/ store / catalog");

%>

Avoid using ordinary HTML files in your application

Note, use the URL to override to maintain the session state, do not link to your part of the application from the ordinary HTML file (with .html or .htm extension).

This limitation is required because the URL encoding cannot be used in the ordinary HTML file. In order to maintain a state in order to maintain a state, each page requested during the session must have a code that the Java interpreter can understand.

If the user may access during the session (or Web application) or some site contains this ordinary HTML file, convert them into JSP files.

This will affect the application writer, since the URL rewrite the maintenance session with the URL to rewrite the maintenance session with the URL to use the URL encoding each of the HREF attributes on the label. If one or more small servers in the application do not call EncodeURL (String URL) or EncoderedirectURL (String URL) methods, the session will be lost. Attached: two methods of javax.servlet.http.httpservletResponse ENCODIRECTURL

Public String EncodeRedirectURL (String URL); encodes the specified URL used by the SendRedirect method. If you do not need to be encoded, you will return this URL directly. This additional coding method is provided because the rules that decide whether to encode the URL in the case of Redirect. The URL given must be an absolute URL. Relative URLs cannot be received, an IllegaLargumentException will be thrown. All URLs that provide to the SendRedirect method should run through this method, so that session tracking can run normally in all browsers. Encodeurl

Public String EncodeURL (String URL); encodes a URL containing the session ID. If you do not need to be encoded, you will return this URL directly. The servlet engine must provide a URL encoding method, because in some cases, we will have to rewrite the URL, for example, in response to the corresponding request containing a valid session, but this session cannot be non-URL (such as cookie) means To maintain. All URLs provided to servlet should run through this method, so that session tracking can run normally in all browsers.

转载请注明原文地址:https://www.9cbs.com/read-128340.html

New Post(0)