Then you can create an HTTPSessionListener and add all started sessions to a collection. You can then iterate all of them to invalidate them when you want to.
E Armitage wrote:Then you can create an HTTPSessionListener and add all started sessions to a collection. You can then iterate all of them to invalidate them when you want to.
it may cause memory leaks. it can store that session in which user just hit page not logged in and keeps its reference for always.