tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <funk...@joedog.org>
Subject Re: Web spiders - disabling jsessionid
Date Fri, 01 Dec 2006 13:02:02 GMT
The easiest is the filter and custom HttpServletResponse which overrides 
encodeURL() to do nothing.

It could be made one step smarter by checking if the User agent is a 
search engine bot to selectively execute or not.

-Tim

Mikolaj Rydzewski wrote:
> Hi,
> 
> As you may know url rewriting feature is not a nice thing when spiders 
> come to index your site - 
> http://gabrito.com/post/javas-seo-blunder-jsessionid.
> 
> There are a few solutions I'm thinking of:
> 
>    * configuration at Tomcat / web.xml level to disable/enable url
>      rewriting (unfortunately Tomcat doesn't support it)
>    * do not use <c:url, <html:link, and similiar tags - could be quite
>      expensive when working with Strurs or other framework
>    * extend classes for <c:url, <html:link and other tags not to make
>      use of url rewriting - seems quite a good solution, but could be a
>      problem with legacy applications
>    * apply a filter in web.xml to remove ;jsessionid=XXX from the
>      generated output - I'm afraid it'd be quite resource expensive
>      (lots of string operations)
>    * apply a filter in web.xml to inject custom HttpServletResponse
>      implementation with empty encodeURL method - seems quite interesting
>    * apply a similiar filter at the apache level (I assume one is uing
>      apache as a fronted to tomcat) - I didn't benchmark it, but I
>      suppose that a perl filter would be faster than similiar Java one
> 
> What are your opinions?
> 


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message