Is there a way to get all Active Sessions?
Is it possible to get Session using its id?
*Thanks And RegardsSibi.ArunachalammCruncher*
On Tue, Sep 21, 2021 at 3:27 PM Arunachalam Sibisakkaravarthi <
arunacha...@mcruncher.com> wrote:
> Okay, the map is kept in implementation of HttpSessionStore where onUnbind
> method
> is overridden to remove the session entry from the map.
>
> This problem also happens when I click logout button in my app where
> following code will be executed
>
> LOGGER.info("Invalidating the session {} ...", getCustomSession().getId());
> getCoreSession().invalidateNow();
>
> LOGGER.info("Session invalidated?: {}", getSession().isSessionInvalidated());
> LOGGER.info("Replacing the current session with a new one to protect against
> session fixation attacks...");
> getCustomSession().replaceSession(); //tried using changeSessionId, but it
> doesn't help
>
>
>
>
> *Thanks And RegardsSibi.ArunachalammCruncher*
>
>
> On Tue, Sep 21, 2021 at 2:10 PM Martin Grigorov <mgrigo...@apache.org>
> wrote:
>
>> Hi,
>>
>> On Tue, Sep 21, 2021 at 6:57 AM Arunachalam Sibisakkaravarthi <
>> arunacha...@mcruncher.com> wrote:
>>
>> > Hi guys,
>> > User Session goes null and other user 's session is updated wrongly.
>> >
>> > I keep track of session instances in a map with username as key
>> >
>>
>> Where do you keep this map ?
>> I guess in some custom implementation of HttpSessionListener ?!
>>
>>
>> > The following happens in a scenario
>> > Assume 3 users (foouser, baruser, foobaruser) are there in the system
>> >
>> > 1. foouser was logged in
>> > 1.a) Session (id is 1) is stored in the map
>> > 2. baruser was logged in
>> > 2.a) Session (id is 2) is stored in the map
>> > 3. Session has expired for baruser
>> > 3.a) Trying to remove the baruser's session entry from the map
>> > 3.b) Got NullPointerException while accessing the session for
>> baruser
>> > stored in the map, because somehow the session was null, so I couldn't
>> > remove the entry from the map for baruser
>> > 4. foobaruser was logged in
>> > 4.a) Session (id is 3) is stored in the map
>> > 4.b) Session (id as 3) is updated in the map for baruser
>> >
>> > I have two questions
>> > 1. How was the baruser's session set to null? (step 3.b)
>> > 2. Why baruser's session was updated to the id which belongs to newly
>> > logged in user? (step 4.b)?
>> >
>> > Please help me to understand the problem.
>> >
>>
>> Since the map is managed in your application code we cannot tell you
>> without seeing your code.
>>
>>
>> >
>> >
>> >
>> > *Thanks And RegardsSibi.ArunachalammCruncher*
>> >
>>
>
