• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Tim Cooke
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Knute Snortum
  • paul wheaton
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Ron McLeod
  • Piet Souris
  • Ganesh Patekar
Bartenders:
  • Tim Holloway
  • Carey Brown
  • salvin francis

session ID

 
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am developing a product in which there is a ADMIN who can create number of USERS by giving their profile details and password too. these USER can perform certain tasks on this application by logging in from any computer.

Problem -:
If ADMIN deletes any USER from the same application on any computer and if this USER have logged in on any other computer before deletion performed, so even after account deletion , USER is able to perform all operations until he logs out once.

Thought -:
If ADMIN could invalidate the session when he deleting his account, then could solve. But how to know session of this logged in & getting deleted USER???

If you have understood, please reply me soon...............
 
Bartender
Posts: 1682
7
Android Mac OS X IntelliJ IDE Spring Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
One option is to use SessionRegistry

From that you can get the SessionInformation

and call expireNow()

from the API docs

Sessions have three states: active, expired, and destroyed. A session can that is invalidated by session.invalidate() or via Servlet Container management is considered "destroyed". An "expired" session, on the other hand, is a session that Spring Security wants to end because it was selected for removal for some reason (generally as it was the least recently used session and the maximum sessions for the user were reached). An "expired" session is removed as soon as possible by a Filter.

 
deepak mundhada
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for reply!

But would i be able to stop that USER having logged in to the system when ADMIN at same time deleting that USER???
 
Bill Gorder
Bartender
Posts: 1682
7
Android Mac OS X IntelliJ IDE Spring Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well when you delete the user you would get his active session if it exists and expire it. This should cause him to be redirected to the login page.
 
I'm gonna teach you a lesson! Start by looking at this tiny ad:
create, convert, edit or print DOC and DOCX in Java
https://products.aspose.com/words/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!