hi all!
I know every session has a unique sessionID
If I keep all userID-sessionID record in my web app.
my question is, when I want to "force" an user to logout,
how do I use sessionID to find that session and kill it??
-
How to identify a session?? (2 messages)
- Posted by: thomas kuo
- Posted on: September 01 2002 22:24 EDT
Threaded Messages (2)
- How to identify a session?? by Lasse Koskela on September 02 2002 11:31 EDT
- How to identify a session?? by Anil Saldhana on September 03 2002 18:30 EDT
-
How to identify a session??[ Go to top ]
- Posted by: Lasse Koskela
- Posted on: September 02 2002 11:31 EDT
- in response to thomas kuo
I don't know if you can locate a HttpSession object without a HttpServletRequest/response object, but you could use an external storage for "live" session IDs and go remove the session ID from there. Of course each time the user makes a request, the storage should be checked to figure out if the session should be destroyed.
For example, you could use a HttpSessionListener to add/remove the session ID into/from the storage upon session creation/removal. -
How to identify a session??[ Go to top ]
- Posted by: Anil Saldhana
- Posted on: September 03 2002 18:30 EDT
- in response to thomas kuo
Store the HttpSession object on the servletcontext via
context.setAttribute( <anystr>, (HttpSession)obj)
Let anystr be the sessionid.
When you want to log an user out, remove the session object from the servletcontext(only one per webapp) and call
session.inValidate() This will invalidate the session When the user tries to do anything on this session, you can check if the session is valid and route him appropriately, to a "logged out" page.
Hope that helps...