Pass Hidden parameters using response.sendRedirect()

java jsp servlets post url-parameters

132,789

Solution 1

TheNewIdiot's answer successfully explains the problem and the reason why you can't send attributes in request through a redirect. Possible solutions:

Using forwarding. This will enable that request attributes could be passed to the view and you can use them in form of ServletRequest#getAttribute or by using Expression Language and JSTL. Short example (reusing TheNewIdiot's answer] code).

Controller (your servlet)
```
request.setAttribute("message", "Hello world");
RequestDispatcher dispatcher = servletContext().getRequestDispatcher(url);
dispatcher.forward(request, response);
```
View (your JSP)

Using scriptlets:
```
<%
    out.println(request.getAttribute("message"));
%>
```
This is just for information purposes. Scriptlets usage must be avoided: How to avoid Java code in JSP files?. Below there is the example using EL and JSTL.
```
<c:out value="${message}" />
```
If you can't use forwarding (because you don't like it or you don't feel it that way or because you must use a redirect) then an option would be saving a message as a session attribute, then redirect to your view, recover the session attribute in your view and remove it from session. Remember to always have your user session with only relevant data. Code example

Controller
```
//if request is not from HttpServletRequest, you should do a typecast before
HttpSession session = request.getSession(false);
//save message in session
session.setAttribute("helloWorld", "Hello world");
response.sendRedirect("/content/test.jsp");
```
View

Again, showing this using scriptlets and then EL + JSTL:
```
<%
    out.println(session.getAttribute("message"));
    session.removeAttribute("message");
%>

<c:out value="${sessionScope.message}" />
<c:remove var="message" scope="session" />
```

Solution 2

Generally, you cannot send a POST request using sendRedirect() method. You can use RequestDispatcher to forward() requests with parameters within the same web application, same context.

RequestDispatcher dispatcher = servletContext().getRequestDispatcher("test.jsp");
dispatcher.forward(request, response);

The HTTP spec states that all redirects must be in the form of a GET (or HEAD). You can consider encrypting your query string parameters if security is an issue. Another way is you can POST to the target by having a hidden form with method POST and submitting it with javascript when the page is loaded.

132,789

Ashish Anand

Updated on December 01, 2021

Comments

Ashish Anand over 2 years
How would I pass hidden parameters? I want to call a page (test.jsp) but also pass 2 hidden parameters like a post.
```
response.sendRedirect("/content/test.jsp");
```
- Luiggi Mendoza about 11 years
  
  @informatik01 my answer covers what you covered in yours except that mine adds the view part of removing session attribute using JSTL.
- informatik01 about 11 years
  
  @LuiggiMendoza Sorry dude, I'll delete my comment to make sure you're OK. By the way, that answer was posted about 5 month ago )
- Luiggi Mendoza about 11 years
  
  @informatik01 didn't know about your post, but looks like we both know (among other people around the world) how to handle this problem.
AllTooSir about 11 years

@AshishAnand See my edited answer , you can use RequestDispatcher within same web app.
access_granted over 6 years

should it be getServletContext().getRequestDispatcher(...) ?
helvete over 2 years

Thank you for this code snippet, which might provide some limited, immediate help. A proper explanation would greatly improve its long-term value by showing why this is a good solution to the problem and would make it more useful to future readers with other, similar questions. Please edit your answer to add some explanation, including the assumptions you’ve made.