Menu
In my application, I have an admin that can delete users. so when I delete a user from the admin session I want that the deleted user should get logged out automatically. I know the user's session id whom I delete but I don't know how to invalidate a session using the session id.
I would like something like: invalidate(SessionId);
Is it possible in any way? I think it is possible using a filter and checking the database every on request but is there another way where I don't need check the db on every httprequest?
Thanks. :D
986
I think I see a solution using the Spring Security infrastructure, with the SessionRegistry class.
You have to register the HttpSessionEventPublisher in the web.xml:
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
In your Spring config, declare the SessionRegistry.
<bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" />
In your administration console, you have to use the SessionRegistry to retrieve the SessionInformation of the user and call expireNow. At the next request of the user, a servlet filter should make the HttpSession expire. The javadoc of SessionInformation has some explanation about how it works.
Let us know if that helps.
50
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
