Difference between Forward and Redirect
Forward
- A forward is performed internally by the servlet
- The browser is completely unaware that it has taken place, so its original URL remains intact
- Any browser reload will simply repeat the original request, with the original URL
- When you forward from one JSP page to another, the same request object handles the processing of the request
- In a forward you keep your servlet context
- The browser URL will not change
Redirect
- A redirect is a two-step process, where the web application instructs the browser to fetch a second URL, which differs from the original
- A browser reload of the second URL will not repeat the original request, but will rather fetch the second URL
- A redirect is always slower than a forward, since it requires a second browser request
- Beans placed in the original request scope are not available to the second request
- When you redirect, a new servlet context is started and your previous servlet context is lost
- The browser URL will change to the new one
Difference between Get and Post
POST can handle more data, whereas GET is limited in size. A GET request can be seen in the browser URL, in the query string, but a POST request cannot.
Difference between HTTP parameter and attribute
Request parameters are the result of submitting an HTTP request with a query string that specifies the name/value pairs, or of submitting an HTML form that specifies the name/value pairs. The names and the values are always strings. When you do a POST from HTML, the data can be retrieved by calling request.getParameter(). Parameters are Strings, and generally can be retrieved, but not set.
Request attributes (more correctly called "request-scoped variables") are objects of any type (not just String) that are explicitly placed on the request object via a call to the setAttribute() method. They are retrieved in Java code via the getAttribute() method and in JSP pages with Expression Language references. Always use request.getAttribute() to get an object that was added to the request scope on the server side, i.e. using request.setAttribute(). getAttribute() returns an Object, but getParameter() returns a String.
Session Management
User session management can be done on the server side, on the client side, or both. Client-side session management can be done using HTML hidden fields or cookies. Both have their own drawbacks and are not recommended.
It is better to store the session in the business tier or the integration tier.
View (Presentation) Security
1- Controller based: a controller redirects requests to resources
2- Using taglibs to guard all or portions of a page
3- Applying roles and restrictions in web.xml
4- Placing resources under WEB-INF
Duplicate Form Submissions
The Synchronizer Token strategy addresses the problem of duplicate form submissions. A synchronizer token is set in a user's session and included with each form returned to the client. When that form is submitted, the synchronizer token in the form is compared to the synchronizer token in the session. The tokens should match the first time the form is submitted. If the tokens do not match, then the form submission can be disallowed and an error returned to the user. A token mismatch might occur when the user submits a form, then clicks the Back button in the browser and attempts to resubmit the same form. Most web frameworks have their own way of tackling this issue.
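The synchronizer token check described above, as an added example that is not code from the original page. The session is modelled as a plain Map standing in for HttpSession, and the class name, method names and the attribute name syncToken are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SynchronizerTokenDemo {
    static final String KEY = "syncToken";            // hypothetical session attribute name
    private static final SecureRandom RNG = new SecureRandom();

    /** Called when the form is rendered: stores a fresh token in the session
     *  and returns it so it can be written into a hidden form field. */
    static String issue(Map<String, Object> session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);                           // unpredictable, not a counter or timestamp
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(KEY, token);
        return token;
    }

    /** Called when the form is submitted: the stored token is removed before it
     *  is compared, so each issued token can be accepted at most once. */
    static boolean consume(Map<String, Object> session, String submitted) {
        Object expected = session.remove(KEY);        // atomic read-and-remove on ConcurrentHashMap
        if (!(expected instanceof String) || submitted == null) {
            return false;                             // no form was issued, or the field is missing
        }
        return MessageDigest.isEqual(                 // comparison that does not stop at the first differing byte
                ((String) expected).getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> session = new ConcurrentHashMap<>(); // stand-in for HttpSession
        String hidden = issue(session);                          // form rendered with the hidden field
        System.out.println("first submit:      " + consume(session, hidden));
        System.out.println("back and resubmit: " + consume(session, hidden));
        String next = issue(session);                            // form rendered again
        System.out.println("mismatched token:  " + consume(session, "constructed-wrong-value"));
        System.out.println("after a mismatch:  " + consume(session, next));
    }
}
```

With a real HttpSession, getAttribute() and removeAttribute() are separate calls, so the read-and-remove step needs to run under a lock to keep two concurrent submissions from both passing the check.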
Request Integrity
Suppose we have a bean with properties "name" and "address".
1- We set name = "reza" and address="aus" in request 1
2- In request 2 we set name = "ali" and do not set address, but the address property in the bean will still be "aus". Why?
Because the spec says to make no changes to the matching bean property in this case.
So you have to make sure to SET values in every request, in this case to null or "".
Always reset all state in beans between requests.





