Change your query in shiro.ini and add something like "and active=true"
Mohica Jasha <[email protected]> wrote: >Hey, > > >we have a user-management system which manages all the users and their data. >Through it we can disable or enable a user. > >If a user is disabled, we want to not allow the user to log in anymore, and in >addition to that we want to check if the user is already logged in and if >that's the case invalidate the user's session. > > >My question is knowing only the user principals (userid, name, etc, but not >the sessionId) how can invalidate the user's session? > > >Thanks, > >Mohica >
