Java Practices->Emit flexible URLs

Emit flexible URLs

The URLs emitted by a web application should respond flexibly to changes in deployment details, and to the possible use of session IDs by the container:

relative URLs are usually preferred, as they are insensitive to deployment details.
JSTL's <c:url> and <c:redirect> tags are helpful, since they prepend the application context, and they also transparently rewrite the URL if necessary, by adding a session ID. Note that <c:url> is used only with relative URLs.

Other items to note :

URL rewriting is considered by many to be a security risk.
The <c:url> tag doesn't escape ampersand characters. This means, unfortunately, that the URL generated by <c:url> doesn't always form a valid HTML HREF attribute. When the URL generated by <c:url> contains more than one request parameter (as in Blah.do?X=Y&A=B), some means should be used to properly escape the '&' character.

See Also :

Always maintain HttpSessions
Prefer JSTL tags
Manage sessions closely
Beware of URL rewriting