I am developing a product in which there is a ADMIN who can create number of USERS by giving their profile details and password too. these USER can perform certain tasks on this application by logging in from any computer.
If ADMIN deletes any USER from the same application on any computer and if this USER have logged in on any other computer before deletion performed, so even after account deletion , USER is able to perform all operations until he logs out once.
If ADMIN could invalidate the session when he deleting his account, then could solve. But how to know session of this logged in & getting deleted USER???
If you have understood, please reply me soon...............
Sessions have three states: active, expired, and destroyed. A session can that is invalidated by session.invalidate() or via Servlet Container management is considered "destroyed". An "expired" session, on the other hand, is a session that Spring Security wants to end because it was selected for removal for some reason (generally as it was the least recently used session and the maximum sessions for the user were reached). An "expired" session is removed as soon as possible by a Filter.