I'm writing a system which uses HttpSession instances to hold a username for people logged into the system. It would be useful to be able to list everyone currently connected to the system, as well as invalidate a user's session if that user was deleted from the system.
Maintaining a list of users which have logged in, and removing them from the list as they log out would be fine, except that if they don't log out, but instead just leave their session to timeout, this wouldn't be caught. This would also provide no capability to invalidate sessions, from a different session. My second idea was to maintain a list of the instances, however I cannot find any way to check that a session is still valid, incase one times out. The last possibility would have been to keep a list of session IDs, and use HttpSessionContext.getSession () to fetch sessions as necessary, however the HttpSessionContext.getSession () has been deprecated, with not replacement AFAIK. Does anyone have any suggestions as to possible solutions? ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
