The HttpSession object USED to have the ability to retrieve all sessions, that has for a while been deprecated. (not sure if its like the Date that is in a constant state of deprecation)
But by design and i imagine even moreso with Seam on top of it you have a nice layer of abstraction that may be hard to break into.
You could try ... but could be hard.
advice.... and mind you this is 5 minutes thinking of your problem. You could create an Application scoped object called
ForceLogout... then have some interceptors around your EJB so that if forced logout is set to true then you can have it automatically redirect to the login page.
Of course the problem with this approach is
resettingit. So in that same application scoped object you would probably need a list of all currently logged in users and you can add and remove them. Not sure how to do it now with Seam .... but you would then need to add a SessionListener, just in case they don't logout with a
Again this is just top of my head ...
But i think in general a model that is global maybe more
saferthan trying to intercept individuals session and resetting it.