1 Reply Latest reply on Mar 20, 2009 12:42 PM by nimo stephan

    Session Management - how to destroy any session context

    Raimund Hölle Newbie

      Hello,


      i need for some reasons to end a HTTP Session or, at least, destroy the session & conversation contexts of the session (reasons see below post if you want know).


      I've tried the following:


      General, i track all existing sessions in an application scoped component, including HTTP session ID, user name and so on.



      First try: Using JMX MBean, e. g.:




      ObjectName objName = new ObjectName("jboss.web:host=localhost,path=/MyApp,type=Manager");
      mbeanServer.invoke(objName, "expireSession", 
                                 new String[] { sessionInfo.getHttpSessionId() },
                                 new String[] { "java.lang.String" });
      



      This works very well if using outside the application (e. g. using the JMX console). If i try that inside the application (using own management views) i get the following exception:


      ERROR [[/MyApp]] Session event listener threw exception
      java.lang.IllegalStateException: Please end the HttpSession via Seam.invalidateSession()
              at org.jboss.seam.contexts.Lifecycle.endSession(Lifecycle.java:221)





      Second try:



      I track also the SEAM session-Object:


      Session session = Session.instance();



      Then, later, i call


      session.invalidate();



      That works, but: the session context will not deleted until a HTTPP request of the killed session! (Like SEAM's conversation timeout facility).


      So this helps just as little as the first try.


      Has anyone an idea to solve that problem?


      Many regards,
      Raimund


      P.S. Why do i need that?
      The problem is that a conversation writes some logical locking flags to the database to avoid concurrently access to specific objects. These flags will be reset if the conversation ends (t. m. a conversation scoped bean is destroyed).


      If now the user closes the browser without ending the action properly the object will be locked until a session timeout.


      Unfortunately, SEAM conversation timeout does not help because it is detected only on a request of the session - which never will occur.


      Currently, the session timeout is relatively long (30 Minutes) to prevent the user from permanently reconnect if they - for example - are disturbed by a phone call.