Hello all,
i have a similar problem to Max Tomlinson. I want only one user to be able to log into my application. But because that user may close the browser window without logging out i need a mechanism to invalidate him and his session.So i have another user, the superuser, with special privileges, who is able to log in and invalidate the all active sessions.In order to do that I have made a HashMap ,instead of the ArrayList Dan suggested in his previous post ,where i keep the session_id (as the hashmap key) and the HttpSession objects. When i want to invalidate the sessions i log in as superuser and call a function that loops into the HashMap entries and for each session (except superuser's session) invalidates the sessions as following
httpSession.invalidate();
The problematic scenario is :
i log in as a simple user from pc1 and then i log in from another pc , pc2 as superuser and invalidate the sessions.
Then when i log in from pc1 as superuser i am redirected to the last page visited as simple user (before i invalidate him).It seems like invalidating the session works partially.Does anybody has any suggestions?