Hidden Form Field in JSP and Servlet

One way to support anonymous session tracking is to use hidden form fields. 

As the name implies, these are fields added to an HTML form that are not displayed in the client's browser. 

They are sent back to the server when the form that contains them is submitted. You include hidden form files with HTML like this:

Code of index.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>Insert title here</title> </head> <body> <form action="nextpage.jsp"> <input type="text" name="num1"> <br> <input type="hidden" name="num2" value="12345"> <br> <input type="submit"> </form> </body> </html>

In a sense, hidden form fields define constant variables for a form. To a servlet or JSP receiving a submitted form, there is no difference between a hidden field and a visible field.

Code of nextpage.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <!DOCTYPE html> <html> <head> <meta charset="ISO-8859-1"> <title>Insert title here</title> </head> <body> <%=request.getParameter("num1")%> <%=request.getParameter("num2")%> </body> </html>

The advantages of hidden form fields are their ubiquity and support for anonymity. 

Hidden fields are supported in all the popular browsers, they demand no special server requirements, and they can be used with clients that haven't registered or logged in. 

The major disadvantage of this technique, however, is that the session persists only through sequences of dynamically generated forms. The session cannot be maintained with static documents, emailed documents, bookmarked documents, or browser shutdowns.

Happy Exploring!