tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Caruso <>
Subject Re: JSessionId and Google
Date Wed, 20 Dec 2006 17:30:54 GMT
Consider using a filter like this:



import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

//import org.apache.commons.logging.Log;
//import org.apache.commons.logging.LogFactory;

 * Replaces the Response with one that will never put in a jsession.

 * Here is what needs to go into the web.xml:
        <filter-name>JSession Strip Filter</filter-name>

        <filter-name>JSession Strip Filter</filter-name>

 * some of this code is from URLRewriteFilter
public class JSessionStripFilter implements Filter {
    private FilterConfig filterConfig = null;

    //private static final Log log = LogFactory.getLog(JSessionStripFilter.class.getName());
    public static String USING_JSESSION_STRIP = "usingJsessionStrip";

    public void init(FilterConfig filterConfig) throws ServletException {
        //"Filtering: no jsessionids will be generated.");
        this.filterConfig = filterConfig;

    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        HttpServletResponse hResponse = (HttpServletResponse)response;
        HttpServletRequest hRequest = (HttpServletRequest) request;
        hRequest.setAttribute(USING_JSESSION_STRIP, "true");

        if (hResponse.isCommitted()) {
            //log.error("response is comitted cannot forward " +
            //          " (check you haven't done anything to the response (ie, written to
it) before here)");
        chain.doFilter(hRequest, new StripSessionIdWrapper( hResponse) );


    public void destroy() {
        filterConfig = null;

     * This is a wrapper that does not encode urls with jsessions
    public class StripSessionIdWrapper extends HttpServletResponseWrapper {
        public StripSessionIdWrapper(HttpServletResponse response)
        public String encodeRedirectURL(String url) { return (url); }
        public String encodeUrl(String url) { return (url); }
        public String encodeURL(String url) { return (url); }


On Wednesday 06 December 2006 5:53 pm, Simon Pink wrote:
> Hi there,
> It is well noted by Google (and other search engines) that they do not like
> session tracking info as part of the URL. This does include JSessionId, and
> because Google visits your site as a cookieless user, every page indexed by
> them includes JSessionId, this is bad for numerous reasons - but the main
> reason is that Google may think you are cheating, as they are indexing the
> same page multiple times and it adversely effects your ranking.
> It is annoying as Tomcat deals with the URL according to standards, It seems
> to be everything else which doesn't. To be more precise, it is the ';' in
> the URL which servers such as Apache, and search engines and spiders like
> Google don't like much at all. By all rights Google should ignore the
> session id but it doesn't.
> Anyway, how do I turn this cookie-less tracking off for Tomcat? I would
> rather have better ranking (and not be banned) than have a minor percent of
> customers not being able to use my site. Or is there another solution that I
> have missed here?
> Kind Regards,
> Simon.
> ---------------------------------------------------------------------
> To start a new topic, e-mail:
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Brian Caruso
Albert R. Mann Library
Cornell University 
Ithaca, NY 14853

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message