Spring MVC and Jetty: Prevent jsessionid from being used in RedirectView on redirect to external sit
Posted
by Moritz Both
on Stack Overflow
See other posts from Stack Overflow
or by Moritz Both
Published on 2010-05-26T08:59:07Z
Indexed on
2010/05/26
9:01 UTC
Read the original article
Hit count: 552
In Spring MVC 2.5 with Jetty - probably with any servlet container -, I want to redirect to an external site using RedirectView via the magic "redirect:" prefix for the view name in ModelAndView.
Unfortunately, RedirectView uses response.encodeURL(), so my (otherwiese wanted) session id is appended to the URL. It is not only a security risk to carry the session id to the external site, the ";jsessionid=gagnbaba" string may also be interpreted as part of the ContextPath/PathInfo on the other site, resulting in a bad URL.
Any "springish" options other than implement my own ExternalRedirectView... and also hack the ViewResolver to interpret a "externalRedirect:" prefix? (Requiring cookies is not an option.)
Moritz
© Stack Overflow or respective owner