tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <>
Subject Re: Web spiders - disabling jsessionid
Date Fri, 01 Dec 2006 13:02:02 GMT
The easiest is the filter and custom HttpServletResponse which overrides 
encodeURL() to do nothing.

It could be made one step smarter by checking if the User agent is a 
search engine bot to selectively execute or not.


Mikolaj Rydzewski wrote:
> Hi,
> As you may know url rewriting feature is not a nice thing when spiders 
> come to index your site - 
> There are a few solutions I'm thinking of:
>    * configuration at Tomcat / web.xml level to disable/enable url
>      rewriting (unfortunately Tomcat doesn't support it)
>    * do not use <c:url, <html:link, and similiar tags - could be quite
>      expensive when working with Strurs or other framework
>    * extend classes for <c:url, <html:link and other tags not to make
>      use of url rewriting - seems quite a good solution, but could be a
>      problem with legacy applications
>    * apply a filter in web.xml to remove ;jsessionid=XXX from the
>      generated output - I'm afraid it'd be quite resource expensive
>      (lots of string operations)
>    * apply a filter in web.xml to inject custom HttpServletResponse
>      implementation with empty encodeURL method - seems quite interesting
>    * apply a similiar filter at the apache level (I assume one is uing
>      apache as a fronted to tomcat) - I didn't benchmark it, but I
>      suppose that a perl filter would be faster than similiar Java one
> What are your opinions?

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message