You can get all the session Ids from the HttpServletContext in Servlet 2.1 API, then get each session by Id, but this is deprecated functionality due to security concerns. The future servlet spec will probably not allow this - I think they want to make it more difficult for sessions to be able to easily get at eachother. In order to do what you want you will probably want to create your own tracking system that hooks into your login/logout code, or makes use of the valueBound/valueUnbound interface methods for HttpSessionBindingListener that the user object 'implements'.
chris c -----Original Message----- From: Chris Shenton [mailto:[EMAIL PROTECTED]] Sent: Monday, February 25, 2002 7:00 AM To: [EMAIL PROTECTED] Subject: How to see ALL sessions/users in a webapp? Terminate one? We're building a service and want to allow the service admin to see all the users currently logged into it, the ones with authenticated sessions which haven't timed out yet. I can't find anything in the docs that would indicate how to do this, or whether it's even possible. Seems like each session (including the application's admin) gets their own private session and has no visibility into others. Perhaps this is part of the basic servlet model, and not a Turbine issue. So is it possible to get a list of all active sessions of a webapp? If so, would it be possible to mark another session as invalid, so the user would be effectively "kicked off"? maybe doing something like "User.setHasLoggedIn(false)" or "RunData.removeUserFromSession()" with the target user's info? Any clues welcomed. Thanks. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
