What is URL rewriting and how is it used to maintain session information?

Tim Rohaly

URL rewriting is a method of imposing session information on a normally idempotent series of HTTP requests. URL rewriting predates the use of cookies for this purpose, and is still often used when cookies are not supported by the client.

When the server decides to establish a session (e.g. upon submission of a log-in form or receipt of a non-URL rewritten page), the server assigns a unique session number (or other identifier) and returns to the client an HTML page where all the HREF tags include this session number. Thus, every time the client selects one of the links, the session number is sent back to the server as part of that HTTP request. The client doesn't need to take any special actions in order to use URL rewriting, but the server must keep track of each session and customize each returned HTML page for that particular session.

A classic example of URL rewriting can be found at http://www.amazon.com/. When you visit this link you will be immediately redirected to a page that has all the HREF tags rewritten with your session number, and the session number will also appear in the URL of the redirected page. This session number is thus passed to subsequent pages you visit at that site, and is used by the site to keep track of what's in your shopping cart.

Creation and tracking of session information on the server side can be done easily using Java Servlets or JSPs using the APIs provided. See the FAQs for those topics for more details.