【转载】response对象 encodeURL与encodeRedirectURL

转载地址：http://blog.sina.com.cn/s/blog_4cc16fc50100bxt9.html
public java.lang.String encodeURL(java.lang.String url)
Encodes the specified URL by including the session ID in it, or, if encoding is not needed, returns the URL unchanged. The implementation of this method includes the logic to determine whether the session ID needs to be encoded in the URL. For example, if the browser supports cookies, or session tracking is turned off, URL encoding is unnecessary.
public java.lang.String encodeRedirectURL(java.lang.String url)
Encodes the specified URL for use in the sendRedirect method or, if encoding is not needed, returns the URL unchanged. The implementation of this method includes the logic to determine whether the session ID needs to be encoded in the URL. Because the rules for making this determination can differ from those used to decide whether to encode a normal link, this method is separete from the encodeURL method.
两种情况会用到引用自身站点的URL

第一种，在servlet生成的 web页面中含有嵌入的URL，应该将这URL传递给 response的 encodeURL()。这个方法确定当前是否在使用URL重写，仅在必需时附加会话信息；否则不做更改直接返回传入的URL:
String aURL = someURL;
String encodeUrl = response.encodeURL(aURL);
out.print(“< A href=” + encodeUrl ….);
第二种情况是在sendRedirect()调用中（即放入Location响应报头）。这种情况下，由于要根据不同规则确定是否需要附加会话信息，因而不能使用encodeURL，需要使用HttpServletResponse的 encodeRedirectURL()。
String originalURL = someURL;
String encodeUrl = response.encodeRedirectURL(originalURL);
response.sendRedirect(encodeUrl);

如果认为自己的Web应用最终有可能使用URL重写来替代Cookie，那么最好预先规划，对引用自身站点的URL进行编码。