incubator-shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Kwiatkowski <ckw...@uga.edu>
Subject Re: Invalidating All Active Sessions
Date Wed, 29 Oct 2008 15:24:55 GMT
I will give that a shot.  I will report back as soon as I implement
something.
Thanks for the quick answer!



-----Original Message-----
From: Jeremy Haile <jhaile@fastmail.fm>
Reply-To: jsecurity-dev@incubator.apache.org
To: jsecurity-dev@incubator.apache.org
Subject: Re: Invalidating All Active Sessions
Date: Wed, 29 Oct 2008 11:07:50 -0400


Currently the SessionManager interface doesn't allow you to invalidate  
all sessions.

One idea for how to handle your situation:
1) The AbstractSessionManager allows you to register a  
SessionListener.  You could register one that monitors which session  
IDs are currently active.

2) When your nightly job runs, you can then iterate through each  
session ID and double-check that the session ID is valid by calling  
isValid().

3) For valid sessions, you can then call SessionManager.stop() to stop/ 
invalidate that session.

I haven't tried this myself, so let me know if this works or doesn't  
work for you!

Jeremy

On Oct 29, 2008, at 10:46 AM, Christopher Kwiatkowski wrote:

> I am using the Jsecurity Plugin in a Grails application.
> I have a job that runs in the early morning hours and the  
> requirement is
> that no one can be logged into the web application while this job is
> running.  Otherwise, there could be ConcurrentModification exceptions.
> Is there a method in the SessionManager that will timeout or  
> invalidate
> all active Jsecurity sessions thereby logging out all active users in
> the system?
> I am under a time crunch to get this added to the system for tonight's
> release.  I apologize if this question has already been answered on  
> this
> mailing list.
> Cheers!
> - Christopher
>
>
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message