assumes the sessionid is the same for that client only and the server will
invalidate THAT client�s session only...no other sessions will be touched.
I think what this person is trying to do is have another client able to see
all active sessions on a certain application and invalidate them. In other
words, the administrator can �boot� someone off the application much in the
same way a chat room administrator can boot some one off a channel.
With that said, I don�t know the actual answer to this question, but just
calling session.invalidate() isn�t going to solve this person�s problem.
On 5/13/04 12:30 PM, "Ben Groeneveld" <[EMAIL PROTECTED]> wrote:
> Gavin, I am not familiar with that approach. As an alternative, you may
> try session.invalidate() - I use it frequently. Hope that helps, BenG.
>
> [EMAIL PROTECTED] wrote:
>
>> > I am trying to write a servlet that enables an administrator to
>> > invalidate a user's session. I am using the SessionService class to
>> > access the user's session. However I keep getting null pointer
>> > exceptions on the relevant methods.
>> >
>> > I instantiated a SessionService object:
>> > SessionService sessionSrvc = new SessionService();
>> >
>> > Then I tried invoking the following methods , all of which returned
>> > null pointer exceptions:
>> >
>> > sessionSrvc.invalidateSession(SessionID);
>> > HttpSession sessionToDelete = sessionSrvc.findSession(SessionID);
>> > ArrayList sessionList = sessionSrvc.getSessions();
>> >
>> > Similar functionality was deprecated and removed from the java api for
>> > security reasons. Does anyone know if this has been disabled in the
>> > jrun api? Alternatively, does anyone know of another way to disable a
>> > particular user's session?
>> >
>> > Thanks for any help.
>> >
>> > Gavin
>> >
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
