浮躁的技术之路  
Self Control!!!

当用URL-rewriting方式来管理Session的时候,通过以上两个方法把session ID写到URL中。

不同点是:两个方法确定是否需要包含session ID的逻辑不同。在调用HttpServletResponse.sendRedirect前,应该先调用encodeRedirectURL()方法,否则可能会丢失Sesssion信息。

在使用URL重写几只的时候要注意,为了保证会话跟踪的正确性,所有的链接和重定向语句中的URL都需要调用encodeURL()或encodeRedirectURL()方法进行编码。另外,由于附加在URL中的session ID是动态产生的,对每一个用户是不同的,所以对于静态页面的相互跳转,URL重写机制无能为力。当然可以通过将静态页面转换为动态页面解决。

方法的执行:首先判断当前的Servlet是否执行了HttpSession对象的invalidate()方法,如果已经执行返回参数URL。接下来判断客户端是否禁用了Cookie,没有禁用直接返回参数URL,如果禁用,则在参数URL中附加session ID,返回编码后的URL。

 

摘一段API中的描述:

public java.lang.String encodeURL(java.lang.String url)
Encodes the specified URL by including the session ID in it, or, if encoding is not needed, returns the URL unchanged. The implementation of this method includes the logic to determine whether the session ID needs to be encoded in the URL. For example, if the browser supports cookies, or session tracking is turned off, URL encoding is unnecessary.
For robust session tracking, all URLs emitted by a servlet should be run through this method. Otherwise, URL rewriting cannot be used with browsers which do not support cookies.

public java.lang.String encodeRedirectURL(java.lang.String url)
    Encodes the specified URL for use in the sendRedirect method or, if encoding is not needed, returns the URL unchanged. The implementation of this method includes the logic to determine whether the session ID needs to be encoded in the URL. Because the rules for making this determination can differ from those used to decide whether to encode a normal link, this method is separated from the encodeURL method.
    All URLs sent to the HttpServletResponse.sendRedirect method should be run through this method. Otherwise, URL rewriting cannot be used with browsers which do not support cookies.

具体的区别有时间去深究java源代码!!!

 

posted on 2009-05-07 22:32  马里奥  阅读(6620)  评论(0编辑  收藏  举报