[ How to delete a user session by admin forcely ]
I have a problem where I have to delete the user session forcefully if the admin has changed user's role.
For example: There are two users (A & B) They have logged in two different browsers. (IE & Chrome) Users A is a normal user and user B is a admin user.
User A has logged in to a application and mid of the operation, by the time admin has logged in to the application and have changed the role of the user A
Here I need to be log off user's A session.
I need some ideas on this problem.
Thanks in Advance. Udhayakumar
I think what you need is a HttpSessionListener which stores all the sessions when they are created, you can possibly map them with the userid. When a admin (assuming you can differentiate admin and normal user here) user logs in, he takes the session from the map and call the invalidate() method on that session.