日期:2014-05-16 浏览次数:20354 次
public class DisableUrlSessionFilter implements Filter { @Override public void destroy() { } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if (!(request instanceof HttpServletRequest)) { chain.doFilter(request, response); return; } HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; if (httpRequest.isRequestedSessionIdFromURL()) { HttpSession session = httpRequest.getSession(); if (session != null) session.invalidate(); } HttpServletResponseWrapper wrappedResponse = new HttpServletResponseWrapper( httpResponse) { public String encodeRedirectUrl(String url) { return url; } public String encodeRedirectURL(String url) { return url; } public String encodeUrl(String url) { return url; } public String encodeURL(String url) { return url; } }; chain.doFilter(request, wrappedResponse); } @Override public void init(FilterConfig filterConfig) throws ServletException { } }
<!--to disable jsessionid in url --> <filter> <filter-name> DisableUrlSessionFilter </filter-name> <filter-class> com.abc.web.filter.DisableUrlSessionFilter </filter-class> </filter> <filter-mapping> <filter-name>DisableUrlSessionFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>