Originally posted by Sainudheen Mydeen:
I think Steve wants to invalidate one session out of 5 active sessions present in the container through a seperate JSP program which is monitoring the active sessions. Is that possible with session.invalidate() ?
Yes, that is what I want to do, which I don't think session.invalidate() would work in this case. My purpose of doing this is to track down somebody who logged in, made change #1 to his cart, closes the browser without logging out, logs back in before his first session times out, makes change #2 to his cart, and this time logs out properly using the logout button (this is the only place where I am able to invalidate the user). I use HttpSessionBindingListener to update my DB (user's cart) when the user logs off. The problem with the above scenario is that change #2 will go into effect immediately, and then change #1 will go into effect when the user's first session ends (~30 min. later), which is the reverse of the user's intention (change #2 to be the final change). My solution around this was to track all of the users who currently has an active session. Once I caught a user trying to log in again before his first session ends, I will help end his first session (which will make the user's change #1 go into effect right away) and allow him to start a new session. The problems comes with trying to end a specific session out of a list of active sessions.
I could have accomplish the task if I was able to capture of closing of the browser event, but apparently after searching through JavaRanch and else where the propose methods do not work. For instance, onBeforeUnload would not work because in addition to closing the browser, refreshing the browser or leaving the browser would also trigger the onBeforeUnload event.
Sorry for being so lengthy!