Win a copy of Java Mock Exams (software) this week in the Programmer Certification (OCPJP) forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

explicitly making any user logout from the site

 
sachin yadav
Ranch Hand
Posts: 156
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am using spring security for maintaining user authentication and authorization. We have different roles for our site. Now a admin can see all the logged in users and can logout any user from admin page.

I have an approach to make a custom filter and put it in the filter chain process of spring security. This filter will put the userId and sessionId of the user(after sucessful login), to a hashmap. A admin can iterate and see all the logged in users by iterating to that hash map.

Now when he clicks on logout button, how do i invalidate the session for that particular users. I can get sessionId based on a userId from hashmap, but i have no idea what to do with this session as i have no method like

HttpSession.invalidate(userSessionId);

Can someone please help me with any idea?
 
Happiness is not a goal ... it's a by-product of a life well lived - Eleanor Roosevelt. Tiny ad:
the new thread boost feature: great for the advertiser and smooth for the coderanch user
https://coderanch.com/t/674455/Thread-Boost-feature
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!