XJ: Micael K�llman wrote:
> Hello
>
> I wonder what really happens when you do a call to the
> HttpServletResponse.sendRedirect() method. I happened to use both
> sessions and normal cookies in a servlet before doing a sendRedirect(),
> and to my surprise it worked. I guess I shouldn't have been surprised
> since every response has to use the HTTP-protocol, but I still wonder
> where the redirection actually takes place. Is it a special header?
> Could it be a meta-tag in the body of the response? I am just guessing
> here. Is there any risk that it could be implemented differently in
> different servers / servlet engines? Would the server influence the
> behaviour in any way?
>
One of the key factors that has made the web successful is conformance to
standards -- in the early days (1993 or so) these standards were driven by the
innovators who were creating the technology. More recently, standards bodies
have attempted to establish universal rules for things. First, the standards
bodies had to catch up with the current state of the art, and then they had to
build processes that can keep up with "Internet time".
The standard that deals with how sendRedirect() works is the HTTP protocol
specification, which was formalized by the World Wide Web Consortium
(http://www.w3c.org), and has been established as Internet standards in what
are called "Request for Comments" documents, or RFCs. Among other things, the
standards define what HTTP headers are required to be supported by all
environments. The standard for HTTP/1.0 is in RFC 1945, and for HTTP/1.1 it is
RFC 2068. Most current browsers and web servers support both versions. (Check
your favorite search engine for places you can download them).
Basically, a sendRedirect causes an HTTP status code of 302 (moved temporarily)
to be sent, along with a "Location:" header that defines the absolute URL of
the new page. Any other headers you've set in the response (including cookies)
are also included, as you discovered. The browser receives a 302, and
automatically does a request to the new location for you. This behavior can be
counted on in all web servers and browsers that conform to HTTP/1.0 or HTTP.1.1
(which is essentially all of them).
>
> In a posting a few days ago I saw that it was possible to specify a
> target-frame by setting a header; can sendRedirect() be used in any
> other special ways that might be useful?
>
Setting the target frame this way (with an HTTP header) is a perfect example of
how you can get unknowingly locked in to particular vendors. The header that
was used for this is not in the HTTP standards and therefore is not required to
be implemented by all browsers. The fact that this extension is supported by
Netscape and Explorer today is nice, but that does not by itself mean that
other browsers will do what you want.
Support for sendRedirect() mechanism, on the other hand, is a required feature
of the HTTP protocol, so you can count on it being supported.
On a redirect, or on a regular page display, you can send pretty much any
headers you want. But when you send nonstandard headers, you are relying on
the user running a browser that understands and acts on them. For specific
application uses, where you control what is at both ends, this is wonderful.
For regular web sites, I would personally use the standard way of directing
output to a particular frame (the TARGET attribute in the requesting page), or
JavaScript coding, rather than depending on this particular technique.
> Samplecode with Cookie and sendRedirect()
> Cookie userLevel = new Cookie("level",5);
> userLevel.setMaxAge(-1);
> res.addCookie(userLevel);
> res.sendRedirect("http://domain/servlet/somewhere.html");
>
> TIA
> /Micael
>
Craig McClanahan
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
