Currently the SessionManager interface doesn't allow you to invalidate
all sessions.
One idea for how to handle your situation:
1) The AbstractSessionManager allows you to register a
SessionListener. You could register one that monitors which session
IDs are currently active.
2) When your nightly job runs, you can then iterate through each
session ID and double-check that the session ID is valid by calling
isValid().
3) For valid sessions, you can then call SessionManager.stop() to stop/
invalidate that session.
I haven't tried this myself, so let me know if this works or doesn't
work for you!
Jeremy
On Oct 29, 2008, at 10:46 AM, Christopher Kwiatkowski wrote:
I am using the Jsecurity Plugin in a Grails application.
I have a job that runs in the early morning hours and the
requirement is
that no one can be logged into the web application while this job is
running. Otherwise, there could be ConcurrentModification exceptions.
Is there a method in the SessionManager that will timeout or
invalidate
all active Jsecurity sessions thereby logging out all active users in
the system?
I am under a time crunch to get this added to the system for tonight's
release. I apologize if this question has already been answered on
this
mailing list.
Cheers!
- Christopher
