This isn't a critical item, but I would like to invalidate any sessions that are still out there when a user successfully resets their password after having lost it. This seems to make sense, since if they knew it they wouldn't be logged in, and they should use the new one after the change. Also, I don't have their Session available because they can't log in to acquire it.
I hunted around for something like this in the documentation, but couldn't find any way to get a specific Session based on one of the Session's attributes (I think that's the right term), only the ID, which I wouldn't have access to. I could probably find the way Shiro does it during a login, but I'd rather use a supported method for it. Thanks! Mike -- View this message in context: http://shiro-user.582556.n2.nabble.com/Possible-to-invalidate-session-for-a-specific-user-e-g-pwd-reset-tp7577800.html Sent from the Shiro User mailing list archive at Nabble.com.
