日期:2014-05-16  浏览次数:20550 次

去掉url中的 jsessionid
一: jsessionid 简介:
因为Session默认是需要Cookie支持的 有些客户浏览器是关闭Cookie的,
这个时候就需要在URL中指定服务器上的jssessionid标识.如果你的web应用带有 jsessionid ,首先你的web应用不安全,而且也不利于 SEO (亦不美观).

二: Java代码:
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import javax.servlet.http.HttpSession;
import java.io.IOException;

public class DisableUrlSessionFilter implements Filter {

	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		if (!(request instanceof HttpServletRequest)) {
			chain.doFilter(request, response);
			return;
		}

		HttpServletRequest httpRequest = (HttpServletRequest) request;
		HttpServletResponse httpResponse = (HttpServletResponse) response;

		if (httpRequest.isRequestedSessionIdFromURL()) {
			HttpSession session = httpRequest.getSession();
			if (session != null)
				session.invalidate();
		}
		// wrap response to remove URL encoding
		HttpServletResponseWrapper wrappedResponse = new HttpServletResponseWrapper(
				httpResponse) {
			@Override
			public String encodeRedirectUrl(String url) {
				return url;
			}

			public String encodeRedirectURL(String url) {
				return url;
			}

			public String encodeUrl(String url) {
				return url;
			}

			public String encodeURL(String url) {
				return url;
			}
		};
		chain.doFilter(request, wrappedResponse);
	}

	public void init(FilterConfig config) throws ServletException {
	}

	public void destroy() {
	}
}


三: web.xml配置filter:
    <filter>
		   <filter-name>jsessionid</filter-name>
		   <filter-class>
		    xinyu.filter.DisableUrlSessionFilter
		   </filter-class>
		</filter>
		<filter-mapping>
		   <filter-name>jsessionid</filter-name>
		   <url-pattern>/*</url-pattern>
		</filter-mapping>