How to avoid ;jsessionid=XXX on the first call to a page? it works if first page is jsp
I have an application which uses the welcome-page index.jsp with an the contents of the iframe is a jsf page. If I access index.js
-
Since Servlet 3.0 you could use
<tracking-mode>COOKIE</tracking-mode>for this. But as JBoss 4.2.2 isn't Servlet 3.0 compilant, this isn't an option.Easiest would be to create a servlet filter which sends a redirect to HttpServletRequest#getRequestURI() when HttpSession#isNew() returns
true. Don't forget to check the HttpServletRequest#isRequestedSessionIdFromCookie() to prevent an infinite redirect loop when the client doesn't support cookies at all.讨论(0) -
Based on Christopher Schultz recommendation I tried this and it works.
package com.rama.test.jsessionfilter public class JsessionIdAvoiderFilter implements Filter { protected static final Logger LOGGER = LogManager.getLogger(JsessionIdAvoiderFilter.class); public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { if (!(req instanceof HttpServletRequest)) { chain.doFilter(req, res); return; } HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; // Redirect requests with JSESSIONID in URL to clean old links /* If you really want clean up some old links which have Jsession id bookmarked clean it. If its new app this below check is not required. */ if (request.isRequestedSessionIdFromURL()) { String url = request.getRequestURL().append(request.getQueryString() != null ? "?" + request.getQueryString() : "").toString(); response.setHeader("Location", url); response.sendError(HttpServletResponse.SC_MOVED_PERMANENTLY); LOGGER.info(" Found url with jsession id in it:"+ request.getRequestURL() +": url="+url); return; } // Prevent rendering of JSESSIONID in URLs for all outgoing links HttpServletResponseWrapper wrappedResponse = new HttpServletResponseWrapper( response) { @Override public String encodeRedirectUrl(String url) { return url; } @Override public String encodeRedirectURL(String url) { return url; } @Override public String encodeUrl(String url) { return url; } @Override public String encodeURL(String url) { return url; } }; chain.doFilter(req, wrappedResponse); } public void destroy() { } public void init(FilterConfig arg0) throws ServletException { } }and the following entry in web.xml
<filter> <display-name>JsessionId Filter</display-name> <filter-name>jsessionIdAvoiderFilter</filter-name> <filter-class>com.rama.test.jsessionfilter.JsessionIdAvoiderFilter</filter-class> </filter> <filter-mapping> <filter-name>jsessionIdAvoiderFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping>Works great !!!.
讨论(0) -
This can be done with a simple Filter that wraps the request with an HttpServletRequest which overrides HttpServletRequest.encodeURL and HttpServletRequest.encodeRedirectURL. Simply return the String argument passed to it and you will disable URL re-writing. Note that this will only work for a single webapp unless you want to either configure it in
conf/web.xml(not recommended) or configure it in all of your separate webapps.This technique is superior to that posted later in your question because it does not require redirection which can slow-down your requests. IMO, it's also cleaner.
讨论(0)
加载中...
- 热议问题