
Removing the jsessionid from the end of the URL

Published: 2012-08-29 08:40:14 Author: rapoo

The harm caused by jsessionid and a solution for removing it. Original article: http://randomcoder.com/articles/jsessionid-considered-harmful

In essence, you just add a filter that intercepts every URL and rewrites it:

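package com.abc.web.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import javax.servlet.http.HttpSession;

public class DisableUrlSessionFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // Only HTTP requests carry sessions; pass anything else through.
        if (!(request instanceof HttpServletRequest)) {
            chain.doFilter(request, response);
            return;
        }

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // A session ID that arrived in the URL is not trusted: invalidate that session.
        // getSession(false) avoids creating a new session just to invalidate it.
        if (httpRequest.isRequestedSessionIdFromURL()) {
            HttpSession session = httpRequest.getSession(false);
            if (session != null) {
                session.invalidate();
            }
        }

        // Wrap the response so that URL encoding never appends ;jsessionid=...
        HttpServletResponseWrapper wrappedResponse = new HttpServletResponseWrapper(httpResponse) {
            @Override
            public String encodeRedirectUrl(String url) {
                return url;
            }

            @Override
            public String encodeRedirectURL(String url) {
                return url;
            }

            @Override
            public String encodeUrl(String url) {
                return url;
            }

            @Override
            public String encodeURL(String url) {
                return url;
            }
        };

        chain.doFilter(request, wrappedResponse);
    }

    @Override
    public void destroy() {
    }
}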

Then the web.xml configuration:

<!-- to disable jsessionid in url -->
<filter>
  <filter-name>DisableUrlSessionFilter</filter-name>
  <filter-class>com.abc.web.filter.DisableUrlSessionFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>DisableUrlSessionFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
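
#1 murener 2011-12-30
Doesn't that mean the session is lost?

#2 twovs yesterday
He never actually tested this, he just copied it. The jsessionid in the URL pays no attention to this filter at all and is still carried along.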
