Is there a way to get all Active Sessions? Is it possible to get Session using its id?
*Thanks And RegardsSibi.ArunachalammCruncher* On Tue, Sep 21, 2021 at 3:27 PM Arunachalam Sibisakkaravarthi < arunacha...@mcruncher.com> wrote: > Okay, the map is kept in implementation of HttpSessionStore where onUnbind > method > is overridden to remove the session entry from the map. > > This problem also happens when I click logout button in my app where > following code will be executed > > LOGGER.info("Invalidating the session {} ...", getCustomSession().getId()); > getCoreSession().invalidateNow(); > > LOGGER.info("Session invalidated?: {}", getSession().isSessionInvalidated()); > LOGGER.info("Replacing the current session with a new one to protect against > session fixation attacks..."); > getCustomSession().replaceSession(); //tried using changeSessionId, but it > doesn't help > > > > > *Thanks And RegardsSibi.ArunachalammCruncher* > > > On Tue, Sep 21, 2021 at 2:10 PM Martin Grigorov <mgrigo...@apache.org> > wrote: > >> Hi, >> >> On Tue, Sep 21, 2021 at 6:57 AM Arunachalam Sibisakkaravarthi < >> arunacha...@mcruncher.com> wrote: >> >> > Hi guys, >> > User Session goes null and other user 's session is updated wrongly. >> > >> > I keep track of session instances in a map with username as key >> > >> >> Where do you keep this map ? >> I guess in some custom implementation of HttpSessionListener ?! >> >> >> > The following happens in a scenario >> > Assume 3 users (foouser, baruser, foobaruser) are there in the system >> > >> > 1. foouser was logged in >> > 1.a) Session (id is 1) is stored in the map >> > 2. baruser was logged in >> > 2.a) Session (id is 2) is stored in the map >> > 3. Session has expired for baruser >> > 3.a) Trying to remove the baruser's session entry from the map >> > 3.b) Got NullPointerException while accessing the session for >> baruser >> > stored in the map, because somehow the session was null, so I couldn't >> > remove the entry from the map for baruser >> > 4. foobaruser was logged in >> > 4.a) Session (id is 3) is stored in the map >> > 4.b) Session (id as 3) is updated in the map for baruser >> > >> > I have two questions >> > 1. How was the baruser's session set to null? (step 3.b) >> > 2. Why baruser's session was updated to the id which belongs to newly >> > logged in user? (step 4.b)? >> > >> > Please help me to understand the problem. >> > >> >> Since the map is managed in your application code we cannot tell you >> without seeing your code. >> >> >> > >> > >> > >> > *Thanks And RegardsSibi.ArunachalammCruncher* >> > >> >