Hey, we have a user-management system which manages all the users and their data. Through it we can disable or enable a user. If a user is disabled, we want to not allow the user to log in anymore, and in addition to that we want to check if the user is already logged in and if that's the case invalidate the user's session.
My question is knowing only the user principals (userid, name, etc, but not the sessionId) how can invalidate the user's session? Thanks, Mohica
