Always maintain HttpSessions
Prefer JSTL tags
Manage sessions closely
Beware of URL rewriting
<c:url>
and <c:redirect>
tags are helpful, since they
prepend the application context, and they also transparently rewrite the URL if necessary, by adding a session ID.
Note that <c:url>
is used only with relative URLs.
<c:url>
tag doesn't escape ampersand characters.
This means, unfortunately, that the URL generated by <c:url>
doesn't always form a valid HTML HREF attribute.
When the URL generated by <c:url>
contains more than one request parameter (as in Blah.do?X=Y&A=B
), some means should be used to properly escape the '&
' character.