Always maintain HttpSessions
Prefer JSTL tags
Manage sessions closely
Beware of URL rewriting
<c:redirect>tags are helpful, since they prepend the application context, and they also transparently rewrite the URL if necessary, by adding a session ID. Note that
<c:url>is used only with relative URLs.
<c:url>tag doesn't escape ampersand characters. This means, unfortunately, that the URL generated by
<c:url>doesn't always form a valid HTML HREF attribute. When the URL generated by
<c:url>contains more than one request parameter (as in
Blah.do?X=Y&A=B), some means should be used to properly escape the '