除开URL后面的jsessionid
日期:2014-05-16 浏览次数:20343 次
去除URL后面的jsessionid
jsessionid的危害及去除解决方案,原文:http://randomcoder.com/articles/jsessionid-considered-harmful
其实就是加个filter截取所有URL并进行重写:
然后是web.xml的配置:
jsessionid的危害及去除解决方案,原文:http://randomcoder.com/articles/jsessionid-considered-harmful
其实就是加个filter截取所有URL并进行重写:
public class DisableUrlSessionFilter implements Filter {
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (!(request instanceof HttpServletRequest)) {
chain.doFilter(request, response);
return;
}
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
if (httpRequest.isRequestedSessionIdFromURL()) {
HttpSession session = httpRequest.getSession();
if (session != null)
session.invalidate();
}
HttpServletResponseWrapper wrappedResponse = new HttpServletResponseWrapper(
httpResponse) {
public String encodeRedirectUrl(String url) {
return url;
}
public String encodeRedirectURL(String url) {
return url;
}
public String encodeUrl(String url) {
return url;
}
public String encodeURL(String url) {
return url;
}
};
chain.doFilter(request, wrappedResponse);
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
}然后是web.xml的配置:
<!--to disable jsessionid in url --> <filter> <filter-name> DisableUrlSessionFilter </filter-name> <filter-class> com.abc.web.filter.DisableUrlSessionFilter </filter-class> </filter> <filter-mapping> <filter-name>DisableUrlSessionFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
1 楼
murener
2011-12-30
那session不是丢失了吗?
2 楼
twovs
昨天
他根本就没试验过,只是照抄而已,urljsessionid
根本不理会这个filter,照样带着
根本不理会这个filter,照样带着
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
