Is there a way to encode session information within a form?

Govind Seshadri

Answer by Michael Wax

The key alternative to using cookies is URL rewriting, in which a session key is added to URLs used for navigation around a site instead of being placed in a cookie. If you look at the URLs of many popular commercial sites (e.g., Amazon), you can see URL rewriting in action.

Many popular servlet containers will do URL rewriting for you. One caveat to using URL rewriting is that you must ensure that every link and form action must be rewritten to contain the session key. Any link which is missing this key will cause loss session information.