On Wed, Sep 22, 2021 at 7:33 AM Arunachalam Sibisakkaravarthi < arunacha...@mcruncher.com> wrote:
> Is there a way to get all Active Sessions? > Is it possible to get Session using its id? > No. There is no such Servlet API. You need to keep track of them yourself, as you already do. > > > > *Thanks And RegardsSibi.ArunachalammCruncher* > > > On Tue, Sep 21, 2021 at 3:27 PM Arunachalam Sibisakkaravarthi < > arunacha...@mcruncher.com> wrote: > > > Okay, the map is kept in implementation of HttpSessionStore where > onUnbind method > > is overridden to remove the session entry from the map. > > > > This problem also happens when I click logout button in my app where > > following code will be executed > > > > LOGGER.info("Invalidating the session {} ...", > getCustomSession().getId()); > > getCoreSession().invalidateNow(); > > > > LOGGER.info("Session invalidated?: {}", > getSession().isSessionInvalidated()); > > LOGGER.info("Replacing the current session with a new one to protect > against session fixation attacks..."); > > getCustomSession().replaceSession(); //tried using changeSessionId, but > it doesn't help > > > > > > > > > > *Thanks And RegardsSibi.ArunachalammCruncher* > > > > > > On Tue, Sep 21, 2021 at 2:10 PM Martin Grigorov <mgrigo...@apache.org> > > wrote: > > > >> Hi, > >> > >> On Tue, Sep 21, 2021 at 6:57 AM Arunachalam Sibisakkaravarthi < > >> arunacha...@mcruncher.com> wrote: > >> > >> > Hi guys, > >> > User Session goes null and other user 's session is updated wrongly. > >> > > >> > I keep track of session instances in a map with username as key > >> > > >> > >> Where do you keep this map ? > >> I guess in some custom implementation of HttpSessionListener ?! > >> > >> > >> > The following happens in a scenario > >> > Assume 3 users (foouser, baruser, foobaruser) are there in the system > >> > > >> > 1. foouser was logged in > >> > 1.a) Session (id is 1) is stored in the map > >> > 2. baruser was logged in > >> > 2.a) Session (id is 2) is stored in the map > >> > 3. Session has expired for baruser > >> > 3.a) Trying to remove the baruser's session entry from the map > >> > 3.b) Got NullPointerException while accessing the session for > >> baruser > >> > stored in the map, because somehow the session was null, so I couldn't > >> > remove the entry from the map for baruser > >> > 4. foobaruser was logged in > >> > 4.a) Session (id is 3) is stored in the map > >> > 4.b) Session (id as 3) is updated in the map for baruser > >> > > >> > I have two questions > >> > 1. How was the baruser's session set to null? (step 3.b) > >> > 2. Why baruser's session was updated to the id which belongs to newly > >> > logged in user? (step 4.b)? > >> > > >> > Please help me to understand the problem. > >> > > >> > >> Since the map is managed in your application code we cannot tell you > >> without seeing your code. > >> > >> > >> > > >> > > >> > > >> > *Thanks And RegardsSibi.ArunachalammCruncher* > >> > > >> > > >