jodd.servlet.filter
Class RemoveSessionFromUrlFilter

java.lang.Object
  extended by jodd.servlet.filter.RemoveSessionFromUrlFilter
All Implemented Interfaces:
javax.servlet.Filter

public class RemoveSessionFromUrlFilter
extends java.lang.Object
implements javax.servlet.Filter

Prevents session ids from being exposed in URLs, for security reasons. Does the following:

  • invalidates the session if the session id is exposed in the URL
  • removes the session id from URLs.
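
The two behaviours listed above, written out as a minimal servlet filter. This is an added example, not Jodd's source code: the class name UrlSessionIdGuardFilter is hypothetical, and the container's own isRequestedSessionIdFromURL() stands in for this class's detection method, whose implementation is not shown on this page.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical class, for illustration only (not part of Jodd).
public class UrlSessionIdGuardFilter implements Filter {

    public void init(FilterConfig config) {}

    public void destroy() {}

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest)) {
            chain.doFilter(request, response);   // nothing to do for non-HTTP requests
            return;
        }
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // 1. A session id that arrived in the URL may already have been exposed
        //    (Referer headers, access logs, shared links), so drop that session.
        //    Assumption: the container's check is used here as the detector.
        if (httpRequest.isRequestedSessionIdFromURL()) {
            HttpSession session = httpRequest.getSession(false);
            if (session != null) {
                session.invalidate();
            }
        }

        // 2. Stop the container from appending ;jsessionid=... to generated URLs
        //    by turning URL encoding into a no-op for everything downstream.
        HttpServletResponseWrapper wrapped = new HttpServletResponseWrapper(httpResponse) {
            @Override public String encodeURL(String url) { return url; }
            @Override public String encodeRedirectURL(String url) { return url; }
            @Override public String encodeUrl(String url) { return url; }          // deprecated alias
            @Override public String encodeRedirectUrl(String url) { return url; }  // deprecated alias
        };
        chain.doFilter(request, wrapped);
    }
}
```

With a filter like this in place, clients that do not accept cookies can no longer keep a session, because URL rewriting was their only tracking mechanism.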


    Constructor Summary
    RemoveSessionFromUrlFilter()
               
     
    Method Summary
     void destroy()
               
     void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
              Filters requests to remove URL-based session identifiers.
     void init(javax.servlet.FilterConfig config)
               
    protected  boolean isRequestedSessionIdFromURL(javax.servlet.http.HttpServletRequest servletRequest)
              Detects whether a session ID exists in the URL.
     
    Methods inherited from class java.lang.Object
    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
     

    Constructor Detail

    RemoveSessionFromUrlFilter

    public RemoveSessionFromUrlFilter()
    Method Detail

    doFilter

    public void doFilter(javax.servlet.ServletRequest request,
                         javax.servlet.ServletResponse response,
                         javax.servlet.FilterChain chain)
                  throws java.io.IOException,
                         javax.servlet.ServletException
    Filters requests to remove URL-based session identifiers.

    Specified by:
    doFilter in interface javax.servlet.Filter
    Throws:
    java.io.IOException
    javax.servlet.ServletException

    isRequestedSessionIdFromURL

    protected boolean isRequestedSessionIdFromURL(javax.servlet.http.HttpServletRequest servletRequest)
    Detects whether a session ID exists in the URL. It works more reliably than servletRequest.isRequestedSessionIdFromURL().


    init

    public void init(javax.servlet.FilterConfig config)
              throws javax.servlet.ServletException
    Specified by:
    init in interface javax.servlet.Filter
    Throws:
    javax.servlet.ServletException

    destroy

    public void destroy()
    Specified by:
    destroy in interface javax.servlet.Filter


    Copyright © 2003-2012 Jodd Team