一: jsessionid 简介:
因为Session默认是需要Cookie支持的 有些客户浏览器是关闭Cookie的,
这个时候就需要在URL中指定服务器上的jssessionid标识.如果你的web应用带有 jsessionid ,首先你的web应用不安全,而且也不利于 SEO (亦不美观).
二: Java代码:
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import javax.servlet.http.HttpSession;
import java.io.IOException;
public class DisableUrlSessionFilter implements Filter {
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (!(request instanceof HttpServletRequest)) {
chain.doFilter(request, response);
return;
}
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
if (httpRequest.isRequestedSessionIdFromURL()) {
HttpSession session = httpRequest.getSession();
if (session != null)
session.invalidate();
}
// wrap response to remove URL encoding
HttpServletResponseWrapper wrappedResponse = new HttpServletResponseWrapper(
httpResponse) {
@Override
public String encodeRedirectUrl(String url) {
return url;
}
public String encodeRedirectURL(String url) {
return url;
}
public String encodeUrl(String url) {
return url;
}
public String encodeURL(String url) {
return url;
}
};
chain.doFilter(request, wrappedResponse);
}
public void init(FilterConfig config) throws ServletException {
}
public void destroy() {
}
}
三: web.xml配置filter:
<filter>
<filter-name>jsessionid</filter-name>
<filter-class>
xinyu.filter.DisableUrlSessionFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>jsessionid</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>