Craig, thanks for your responses! In one of your later messages, you
mentioned you have designed an admin app so that a user's session
can be terminated. I wonder how you did that.
Right now, what I did is:
#1. Create a static hashtable (indexed by userID) in my base servlet;
#2. Put the session into this hashtable when user logins;
#3. Then I can clear the user's session from my admin servlet if
given a valid userID;
The problem I have is this: if the web server gets restarted, then
my hashtable will be gone, but the existing users' sessions are still
active, and I can't clear them because my hashtable doesn't have
their references anymore. Now even if I serialize out my hashtable
to disk and read it back in when server restarts, I don't think they
will contain references to the same sessions. Am I right?
Thanks! --Pinghua
On Wednesday, Sep-29-1999 16:59 PM (PDT) [EMAIL PROTECTED] (Craig R.
McClanahan) wrote:
|> Pinghua Young wrote:
|>
|> > Is there any way to get a list of all active sessions?
|> >
|>
|> In the servlet API versions up through 2.0, this was possible using
|> HttpSessionContext. However, this entire class was deprecated, and the
|> functionality removed, as of version 2.1 of the API due to security concerns.
|> For example, any servlet in your context could go snooping through all the
|> user objects you've stored in all your sessions (which might contain sensitive
|> information), or maliciously remove such objects or invalidate the sessions on
|> you.
|>
|> Craig McClanahan
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
