去掉静态文件后面的jsessionid

jsessionid的危害及去除解决方案,原文： http://randomcoder.com/articles/jsessionid-considered-harmful  

其实就是加个filter截取所有URL并进行重写: 

 public class DisableUrlSessionFilter implements Filter {

     @Override
     public void destroy() {
     }

     @Override
     public void doFilter(ServletRequest request, ServletResponse response,
             FilterChain chain) throws IOException, ServletException {
         if (!(request instanceof HttpServletRequest)) {
             chain.doFilter(request, response);
             return;
         }
         HttpServletRequest httpRequest = (HttpServletRequest) request;
         HttpServletResponse httpResponse = (HttpServletResponse) response;
         if (httpRequest.isRequestedSessionIdFromURL()) {
             HttpSession session = httpRequest.getSession();
             if (session != null)
                 session.invalidate();
         }
         HttpServletResponseWrapper wrappedResponse = new HttpServletResponseWrapper(
                 httpResponse) {
             public String encodeRedirectUrl(String url) {
                 return url;
             }

             public String encodeRedirectURL(String url) {
                 return url;
             }

             public String encodeUrl(String url) {
                 return url;
             }

             public String encodeURL(String url) {
                 return url;
             }
         };
         chain.doFilter(request, wrappedResponse);
     }

     @Override
     public void init(FilterConfig filterConfig) throws ServletException {
     }


 }

然后是web.xml的配置: 

 <!--to disable jsessionid in url  -->
 <filter>
   <filter-name>
     DisableUrlSessionFilter
   </filter-name>
   <filter-class>
    com.abc.web.filter.DisableUrlSessionFilter
   </filter-class>
 </filter>

 <filter-mapping>
   <filter-name>DisableUrlSessionFilter</filter-name>
   <url-pattern>/*</url-pattern>
 </filter-mapping>