How to invalidate a user session, when I only have a session ID?

 
Greenhorn
Posts: 16
How to invalidate a user session, when I only have a session ID?

Here is some more info:

1) I have a servlet called LogoutServlet.java that programmatically invalidates the user's HttpSession.
2) I do a Single Sign On to a third party web application, i.e. ssoWeb. I tell it my sessionID. After a while, ssoWeb invokes my LogoutServlet and passes me back the sessionID.

Now I want to invalidate that session, how do I do it?

I noticed HttpSessionContext has a method getSession(String sessionId). However, I don't want to use it, since it is deprecated.

Thank you.
 
Ranch Hand
Posts: 425
You have to use JMX to get the list of sessions and call the invalidate() method on that session. JMX MBeans vary across servers. In WebLogic you have WebAppComponentRuntimeMBean, which has an API to access Servlet session(s), and ServletSessionMBean to control the session. You may have to consult your web app server's JMX doc.
 
Sheriff
Posts: 13411
With a session listener, you could put a reference to each session in a map when it's created. Use the sessionID as its key.
When the session is invalidated, be sure to pull it from the map.
Bind the map to application scope.

I have some sample code that does similar things for session tracking.
http://simple.souther.us/not-so-simple.html
Look for Session Monitor.
[ September 22, 2006: Message edited by: Ben Souther ]
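The session-listener approach described in the post above, as an added example (not Ben Souther's sample code and not part of the original thread). The class name `SessionRegistry`, the attribute name and the `invalidateById` helper are assumptions made for illustration:

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletContext;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/** Tracks live sessions by ID so a back-channel logout can invalidate one. */
@WebListener // Servlet 3.0+; on older containers declare it in web.xml as a <listener>
public class SessionRegistry implements HttpSessionListener {
    // Hypothetical attribute name under which the map is bound to application scope.
    public static final String ATTR = "sessionRegistry.sessions";

    @SuppressWarnings("unchecked")
    private static Map<String, HttpSession> sessions(ServletContext ctx) {
        synchronized (SessionRegistry.class) { // create the map exactly once
            Object map = ctx.getAttribute(ATTR);
            if (map == null) ctx.setAttribute(ATTR, map = new ConcurrentHashMap<String, HttpSession>());
            return (Map<String, HttpSession>) map;
        }
    }

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        HttpSession s = se.getSession();
        sessions(s.getServletContext()).put(s.getId(), s);
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        HttpSession s = se.getSession();
        sessions(s.getServletContext()).remove(s.getId()); // also covers timeouts
    }

    /** Returns true if a live session with this ID was found and invalidated. */
    public static boolean invalidateById(ServletContext ctx, String sessionId) {
        if (sessionId == null) return false;
        HttpSession s = sessions(ctx).remove(sessionId);
        if (s == null) return false;            // unknown or already gone
        try {
            s.invalidate();                     // fires sessionDestroyed; entry is already removed
            return true;
        } catch (IllegalStateException alreadyInvalid) {
            return false;                       // invalidated concurrently
        }
    }
}
```

If the application rotates the session ID after login (for example with `HttpServletRequest.changeSessionId()` in Servlet 3.1+), also implement `HttpSessionIdListener` to re-key the map. Since the ID arrives from ssoWeb, the logout servlet should authenticate that caller before calling `invalidateById`.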
 