URL rewriting or cookies
For session managment, there are two schools of thought: cookie-based / URL rewriting .
cookie based: a message (cookie) containing user’s information is sent to the browser by the Web server. This cookie is sent back to the server when the user tries to access certain pages. By sending back the cookie, the server is able to identify the user and retrieves the user’s session from the session database; thus, maintaining the user’s session.
URL rewriting: all links that are returned to the browser or that get redirected have the session ID appended to them. When the user clicks these links, the rewritten form of the URL is sent to the server as part of the client’s request. The servlet engine recognizes the session ID in the URL and saves it for obtaining the proper object for this user. To use URL rewriting, HTML files cannot be used for links. To use URL rewriting, JSP files must be used for display purposes.
Alternatively, the session object hides the details of dealing with the cookies or rewriting URLS.