Originally posted by grace chow:
if there is duplicate login, I wanna to logout the previous login.
I have the previous session ID, I wanna to know if it is possible to remove th previous session using this session id .so the the previous login will be invalidated.
There is an invalidate() method in the javax.servlet.http.HttpSession object. That would probably do it. Although, if you only have the session id and not the actual object, I'm not sure if you could get the HttpSession object. You could also use setMaxInactiveInterval() when you first create the sessions to something rather brief so that the old session (presumably inactive) would expire on its own. That could cause be a problem if your users will spend a lot of time being inactive -- their sessions will keep expiring.
How is it your users would be logging in twice?