用过sessionid防钓鱼 http://www.cnblogs.com/BearsTaR/archive/2010/08/24/URL_SESSION_ID_LEEK.html DisableUrlSessionFilter