TAGS :Viewed: 7 - Published at: a few seconds ago

[ How to delete a user session by admin forcely ]

I have a problem where I have to delete the user session forcefully if the admin has changed user's role.

For example: There are two users (A & B) They have logged in two different browsers. (IE & Chrome) Users A is a normal user and user B is a admin user.

User A has logged in to a application and mid of the operation, by the time admin has logged in to the application and have changed the role of the user A

Here I need to be log off user's A session.

I need some ideas on this problem.

Thanks in Advance. Udhayakumar

Answer 1

I think what you need is a HttpSessionListener which stores all the sessions when they are created, you can possibly map them with the userid. When a admin (assuming you can differentiate admin and normal user here) user logs in, he takes the session from the map and call the invalidate() method on that session.