Java: Is it possible to disable jsessionid in a Tomcat servlet?
Disclaimer: this page is a Chinese-English parallel translation of a popular StackOverflow question and is provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must do so under the same CC BY-SA license, cite the original URL and attribute it to the original authors (not me): StackOverFlow
Original URL: http://stackoverflow.com/questions/962729/
Asked by Roy Chan
Is it possible to turn off the jsessionid in the URL in Tomcat? The jsessionid seems not too search engine friendly.
Accepted answer by Pool
You can disable for just search engines using this filter, but I'd advise using it for all responses as it's worse than just search engine unfriendly. It exposes the session ID which can be used for certain security exploits (more info).
Tomcat 6 (pre 6.0.30)
You can use the tuckey rewrite filter.
Example config for the Tuckey filter:
<outbound-rule encodefirst="true">
<name>Strip URL Session ID's</name>
<!-- group 1: path, group 2: optional query string, group 3: optional fragment;
     the ;jsessionid=... path parameter is matched but not captured -->
<from>^(.*?)(?:\;jsessionid=[^\?#]*)?(\?[^#]*)?(#.*)?$</from>
<!-- re-assemble the URL from the captured groups, i.e. without the session ID -->
<to>$1$2$3</to>
</outbound-rule>
Tomcat 6 (6.0.30 and onwards)
You can use disableURLRewriting in the context configuration to disable this behaviour.
Tomcat 7 and Tomcat 8
From Tomcat 7 onwards you can add the following in the session config.
<session-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
Answer by Andrew Duffy
Use a Filter on all URLs that wraps the response in a HttpServletResponseWrapper that simply returns the URL unchanged from encodeRedirectUrl, encodeRedirectURL, encodeUrl and encodeURL.
Answer by Andreas
Quote from Pool's answer:
You can use the tuckey rewrite filter.
You can disable for just search engines using this filter, but I'd advise using it for all responses as it's worse than just search engine unfriendly. It exposes the session ID which can be used for certain security exploits (more info).
It's worth mentioning that this will still allow cookie-based session handling even though the jsessionid is not visible anymore. (Taken from his other post: Can I turn off the HttpSession in web.xml?)
PS. I don't have enough reputation to comment, otherwise I would have added this to his post above as a comment.
Answer by Mark Lynch
Also, if you have Apache in front of Tomcat you can strip out the jsessionid with a mod_rewrite filter.
Add the following to your Apache config.
# Fix up tomcat jsessionid appending rule issue
# Redirect /path;jsessionid=XYZ to /path (group 1 is the path before the session ID)
RewriteRule ^/(.*);jsessionid=(.*) /$1 [R=301,L]
This will do a 301 redirect to a page without the jsessionid. Obviously this will completely disable URL jsessionids, but this is what I needed.
Cheers, Mark
Answer by techwiz
By default, cookies are enabled in the Tomcat server (you can explicitly set this by using cookies="true" in the <Context> element of server.xml). Enabling cookies means that the jsessionid will not be appended to URLs, since the session will be managed using cookies. However, even after cookies are enabled, jsessionids are appended to the URL for the first request, as the web server doesn't know at that stage whether cookies have been enabled. To remove such jsessionids, you can use Tuckey rewrite rules:
You can find more information on this at http://javatechworld.blogspot.com/2011/01/how-to-remove-jsessionid-from-url-java.html
<outbound-rule encodefirst="true">
<note>Remove jsessionid from embedded urls - for urls WITH query parameters</note>
<!-- group 1: path, group 2: query string after the '?' -->
<from>^/(.*);jsessionid=.*[?](.*)$</from>
<to encode="false">/$1?$2</to>
</outbound-rule>
<outbound-rule encodefirst="true">
<note>Remove jsessionid from embedded urls - for urls WITHOUT query parameters</note>
<!-- group 1: path; the ';jsessionid=...' tail is dropped -->
<from>^/(.*);jsessionid=.*[^?]$</from>
<to encode="false">/$1</to>
</outbound-rule>
Answer by Doug
It is possible to do this in Tomcat 6.0 with: disableURLRewriting
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html
e.g.
<?xml version='1.0' encoding='utf-8'?>
<Context docBase="PATH_TO_WEBAPP" path="/CONTEXT" disableURLRewriting="true">
</Context>
Within Tomcat 7.0, this is controlled with the following within an application: ServletContext.setSessionTrackingModes()
Tomcat 7.0 follows the Servlet 3.0 specification.
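The programmatic Servlet 3.0 route mentioned above, as an added example (the editor's code, not code from the answer or from Tomcat). The class name CookieOnlySessionListener is made up; it assumes the javax.servlet 3.0 API, a web.xml declared as version 3.0 or later so the @WebListener annotation is scanned, and that the application is served over HTTPS (for the Secure flag). It does the same job as the <tracking-mode>COOKIE</tracking-mode> element in web.xml, and additionally hardens the cookie that now carries the session ID on its own:

```java
import java.util.EnumSet;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.SessionCookieConfig;
import javax.servlet.SessionTrackingMode;
import javax.servlet.annotation.WebListener;

/**
 * Restricts session tracking to cookies, so the container never rewrites
 * ";jsessionid=..." into URLs and never accepts a session ID from the URL.
 */
@WebListener
public class CookieOnlySessionListener implements ServletContextListener {

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();

        // Allowed only while the context is initialising; calling this later
        // throws IllegalStateException. Equivalent to <tracking-mode>COOKIE</tracking-mode>.
        ctx.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));

        // With URL rewriting gone, the session ID lives only in this cookie,
        // so make it unreadable from script and never sent in clear text.
        SessionCookieConfig cookie = ctx.getSessionCookieConfig();
        cookie.setHttpOnly(true);
        cookie.setSecure(true); // assumption: the application is only reachable over HTTPS
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        // nothing to clean up
    }
}
```

If the same settings are also present in web.xml, the deployment descriptor and this listener must agree; the listener is useful when the tracking mode should depend on deployment (for example, read from an environment variable) rather than be fixed in the descriptor.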
Answer by Spektr
<session-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
Tomcat 7 and Tomcat 8 support the above config in your web app's web.xml, which disables URL-based sessions.
Answer by myset
In Tomcat 6.0 you could use disableURLRewriting="true" in context.xml from the /config path of your Tomcat installation.
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html
context.xml file
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- The contents of this file will be loaded for each web application -->
<Context disableURLRewriting="true">
<!-- Default set of monitored resources -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<!-- Uncomment this to disable session persistence across Tomcat restarts -->
<!--
<Manager pathname="" />
-->
<!-- Uncomment this to enable Comet connection tracking (provides events
on session expiration as well as webapp lifecycle) -->
<!--
<Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
-->
</Context>
...
Now Tomcat's output is search engine friendly...
Enjoy