java - How do I remotely invalidate user's servlet session on-the-fly?


I have a page that accounts with alpha permissions may access. The JSP checks for a session attribute named "alphaperm".

But the problem I'm struggling with is that if I find a user messing with/abusing the alpha testing permissions, I want to stop him immediately. I can change the permissions in the database right away, but that doesn't stop the abuser right away.

A possible solution is checking the database every time users do something, but I don't want that because it will slow the database down.

So how do I kill a session on-the-fly (creating an admin page is the plan, but how do I get the user's session object)? I want to make an admin page where I can ban a user.

You can keep references to user sessions by implementing HttpSessionListener. This example shows how to implement a session counter, but you can also keep references to individual sessions by storing them in a context-scoped collection. You can then access the sessions from your admin page, inspect their attributes, and invalidate some of them. This post may also have useful info.

Edit: Here's a sample implementation (not tested):

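    import java.util.Map;
    import java.util.concurrent.ConcurrentHashMap;
    import javax.servlet.ServletContext;
    import javax.servlet.http.HttpSession;
    import javax.servlet.http.HttpSessionEvent;
    import javax.servlet.http.HttpSessionListener;

    public class MySessionListener implements HttpSessionListener {

        // Returns the application-wide map of session ID -> session, creating it on first use.
        // synchronized so two concurrent first calls cannot each install their own map.
        @SuppressWarnings("unchecked")
        public static synchronized Map<String, HttpSession> getSessionMap(ServletContext appContext) {
            Map<String, HttpSession> sessionMap =
                    (Map<String, HttpSession>) appContext.getAttribute("globalsessionmap");
            if (sessionMap == null) {
                sessionMap = new ConcurrentHashMap<String, HttpSession>();
                appContext.setAttribute("globalsessionmap", sessionMap);
            }
            return sessionMap;
        }

        // Register every new session under its ID.
        @Override
        public void sessionCreated(HttpSessionEvent event) {
            Map<String, HttpSession> sessionMap = getSessionMap(event.getSession().getServletContext());
            sessionMap.put(event.getSession().getId(), event.getSession());
        }

        // Drop the reference when the session is invalidated or times out.
        @Override
        public void sessionDestroyed(HttpSessionEvent event) {
            Map<String, HttpSession> sessionMap = getSessionMap(event.getSession().getServletContext());
            sessionMap.remove(event.getSession().getId());
        }
    }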

You can then access the session map from a servlet:

    Collection<HttpSession> sessions = MySessionListener.getSessionMap(getServletContext()).values();
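
The admin-page step described in the answer, sketched as an added example (not code from the original post): a servlet that reads the same context-scoped map, stored under the page's "globalsessionmap" attribute, and invalidates every session belonging to one user. It assumes the javax.servlet API, that login stored the account name in a "username" session attribute and an admin flag in "isAdmin", and a "user" request parameter; those three names are hypothetical.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example. Hypothetical names: "username" / "isAdmin" session attributes, "user" parameter.
public class BanUserServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Only a logged-in admin may end other users' sessions.
        HttpSession caller = req.getSession(false);
        if (caller == null || !Boolean.TRUE.equals(caller.getAttribute("isAdmin"))) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        String target = req.getParameter("user");
        if (target == null || target.isEmpty()) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing user parameter");
            return;
        }
        // Same context attribute the listener populates.
        @SuppressWarnings("unchecked")
        Map<String, HttpSession> sessions =
                (Map<String, HttpSession>) getServletContext().getAttribute("globalsessionmap");
        int killed = 0;
        if (sessions != null) {
            // Iterating a ConcurrentHashMap is safe while sessionDestroyed() removes entries.
            for (HttpSession s : sessions.values()) {
                try {
                    if (target.equals(s.getAttribute("username"))) {
                        s.invalidate(); // container then calls sessionDestroyed()
                        killed++;
                    }
                } catch (IllegalStateException gone) {
                    // Session expired or was invalidated concurrently; nothing left to do.
                }
            }
        }
        resp.setContentType("text/plain");
        // Report only the count; the request parameter is never echoed back.
        resp.getWriter().println("invalidated " + killed + " session(s)");
    }
}
```

The map only covers sessions held by this JVM, and invalidation does not stop a fresh login, so make the database change the question mentions as well. Protect the endpoint against cross-site request forgery like any other state-changing admin action.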
