On Wed, Sep 22, 2021 at 7:33 AM Arunachalam Sibisakkaravarthi <
arunacha...@mcruncher.com> wrote:
> Is there a way to get all Active Sessions?
> Is it possible to get Session using its id?
>
No. There is no such Servlet API.
You need to keep track of them yourself, as you already do.
>
>
>
> *Thanks And RegardsSibi.ArunachalammCruncher*
>
>
> On Tue, Sep 21, 2021 at 3:27 PM Arunachalam Sibisakkaravarthi <
> arunacha...@mcruncher.com> wrote:
>
> > Okay, the map is kept in implementation of HttpSessionStore where
> onUnbind method
> > is overridden to remove the session entry from the map.
> >
> > This problem also happens when I click logout button in my app where
> > following code will be executed
> >
> > LOGGER.info("Invalidating the session {} ...",
> getCustomSession().getId());
> > getCoreSession().invalidateNow();
> >
> > LOGGER.info("Session invalidated?: {}",
> getSession().isSessionInvalidated());
> > LOGGER.info("Replacing the current session with a new one to protect
> against session fixation attacks...");
> > getCustomSession().replaceSession(); //tried using changeSessionId, but
> it doesn't help
> >
> >
> >
> >
> > *Thanks And RegardsSibi.ArunachalammCruncher*
> >
> >
> > On Tue, Sep 21, 2021 at 2:10 PM Martin Grigorov <mgrigo...@apache.org>
> > wrote:
> >
> >> Hi,
> >>
> >> On Tue, Sep 21, 2021 at 6:57 AM Arunachalam Sibisakkaravarthi <
> >> arunacha...@mcruncher.com> wrote:
> >>
> >> > Hi guys,
> >> > User Session goes null and other user 's session is updated wrongly.
> >> >
> >> > I keep track of session instances in a map with username as key
> >> >
> >>
> >> Where do you keep this map ?
> >> I guess in some custom implementation of HttpSessionListener ?!
> >>
> >>
> >> > The following happens in a scenario
> >> > Assume 3 users (foouser, baruser, foobaruser) are there in the system
> >> >
> >> > 1. foouser was logged in
> >> > 1.a) Session (id is 1) is stored in the map
> >> > 2. baruser was logged in
> >> > 2.a) Session (id is 2) is stored in the map
> >> > 3. Session has expired for baruser
> >> > 3.a) Trying to remove the baruser's session entry from the map
> >> > 3.b) Got NullPointerException while accessing the session for
> >> baruser
> >> > stored in the map, because somehow the session was null, so I couldn't
> >> > remove the entry from the map for baruser
> >> > 4. foobaruser was logged in
> >> > 4.a) Session (id is 3) is stored in the map
> >> > 4.b) Session (id as 3) is updated in the map for baruser
> >> >
> >> > I have two questions
> >> > 1. How was the baruser's session set to null? (step 3.b)
> >> > 2. Why baruser's session was updated to the id which belongs to newly
> >> > logged in user? (step 4.b)?
> >> >
> >> > Please help me to understand the problem.
> >> >
> >>
> >> Since the map is managed in your application code we cannot tell you
> >> without seeing your code.
> >>
> >>
> >> >
> >> >
> >> >
> >> > *Thanks And RegardsSibi.ArunachalammCruncher*
> >> >
> >>
> >
>
