I need to log out a given user that is currently logged in programmatically, for the following use case and perhaps an admin command later.
The use case is this: I've implemented logic for preventing an account being logged into concurrently. Suppose that somehow someone enters in possession of the user/password of the account creator and uses his account w/ or w/o his permission. I want to give the main user/creator, the one who registered the account and knows its email, the ability to reclaim his account by doing the following: > use an "I forgot my password" link > enter account email (unique) > get a confirmation link in email > on link activation, the password is changed and all other instances of the > account must be logged out (only one can exist, because there can't be any > two other logged in at one time); the user gets the new password in his > email (and recommended to change it after login) That way the account is recoverable. So the question is: * How to log out a logged in account?* P.S. How to clear up default org.apache.shiro.cache.ehcache.EhCacheManager (sorry I forgot :), and in what circumstances is it useful - can't relocate this in the documentation... perhaps someone can link me please -- View this message in context: http://shiro-user.582556.n2.nabble.com/logging-out-any-user-tp7417622p7417622.html Sent from the Shiro User mailing list archive at Nabble.com.
