Nurul Afiqah Nordin

Reputation: 1

How to hide the parameter value in href in JSP?

Here is my problem. How could I hide the value of the parameter from the URL? I don't have any idea how to hide it. It keeps on appearing like this (http://localhost:8084/YIP/MentorServlet?action=peribadi&mentorid=951218-02-5598)

<div id="mySidenav" class="sidenav">
  <a href="javascript:void(0)" class="closebtn" onclick="closeNav()">&times;
</a>
  <% String id=request.getParameter("mentorid");%>
  <li>
      <a href="MentorView.jsp">Utama</a>
  </li>
  <li>
      <a href="MentorServlet?action=peribadi&mentorid=<%=id%>">Peribadi</a>
  </li>

Upvotes: 0

Views: 5536

Answers (2)

tevemadar

Reputation: 13195

Some options:

  • do nothing: this is the best one, as there is no such thing as securely hiding something in HTML. Whoever looks into the page source will see how the servlet in question can be invoked
  • switch to a form and a submit button, something like what @alayor shows. If you use POST, the parameters will not appear in the URL
  • switch to a form, but keep the looks of an anchor and submit the form from JavaScript (some docs, some overcomplicated examples)
  • manipulate browser history from the target page (docs1, docs2)
  • keep mentorid in a session variable on server-side: hackers never see it
  • keep mentorid in an encrypted cookie: hackers see it, but cannot decode it. However, they can try reusing it later (replay attack)
  • the various other ones I have forgotten and/or never even heard about

Upvotes: 1
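
The session-variable option from the answer above, as an added example that is not part of the original answers: the servlet takes mentorid from the server-side session and ignores any value sent by the browser, so the link shrinks to MentorServlet?action=peribadi. The javax.servlet namespace (Servlet 3.1+), the rememberMentor helper, login.jsp and MentorPeribadi.jsp are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: the mentor id lives in the server-side session, never in the link.
@WebServlet("/MentorServlet")
public class MentorServlet extends HttpServlet {

    // Assumption: the login code calls this once, after the mentor has authenticated.
    static void rememberMentor(HttpServletRequest request, String mentorId) {
        HttpSession session = request.getSession(); // make sure a session exists
        request.changeSessionId();                  // fresh session id after login
        session.setAttribute("mentorid", mentorId);
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        HttpSession session = request.getSession(false); // do not create a session here
        Object mentorId = (session == null) ? null : session.getAttribute("mentorid");
        if (mentorId == null) {
            // No authenticated mentor: send the browser to the (hypothetical) login page.
            response.sendRedirect(request.getContextPath() + "/login.jsp");
            return;
        }
        // A mentorid parameter from the client is never read; only the session value is used.
        if ("peribadi".equals(request.getParameter("action"))) {
            request.setAttribute("mentorid", mentorId);
            // Hypothetical view page that renders the personal details.
            request.getRequestDispatcher("/MentorPeribadi.jsp").forward(request, response);
        } else {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Unknown action");
        }
    }
}
```

Because the id is bound to the authenticated session, editing the URL or a hidden form field cannot select another mentor's record.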

alayor

Reputation: 5025

You can create an HTML form instead of an anchor.

<div id="mySidenav" class="sidenav">
  <a href="javascript:void(0)" class="closebtn" onclick="closeNav()">&times;
</a>
  <% String id=request.getParameter("mentorid");%>
  <li>
      <a href="MentorView.jsp">Utama</a>
  </li>
  <li>
     <%-- relative action, so the request stays under the application's context path (/YIP) --%>
     <form action="MentorServlet" method="POST">
       <input type="hidden" name="action" value="peribadi" />
       <input type="hidden" name="mentorid" value="<%=id%>" />
       <button>Peribadi</button>
     </form>
  </li>

This way you can avoid sending the parameter in the URL and it will be sent in the HTTP request body instead.

Upvotes: 0
