用过sessionid防钓鱼

http://www.cnblogs.com/BearsTaR/archive/2010/08/24/URL_SESSION_ID_LEEK.html

DisableUrlSessionFilter