shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremy Haile <>
Subject Re: Invalidating All Active Sessions
Date Wed, 29 Oct 2008 15:07:50 GMT
Currently the SessionManager interface doesn't allow you to invalidate  
all sessions.

One idea for how to handle your situation:
1) The AbstractSessionManager allows you to register a  
SessionListener.  You could register one that monitors which session  
IDs are currently active.

2) When your nightly job runs, you can then iterate through each  
session ID and double-check that the session ID is valid by calling  

3) For valid sessions, you can then call SessionManager.stop() to stop/ 
invalidate that session.

I haven't tried this myself, so let me know if this works or doesn't  
work for you!


On Oct 29, 2008, at 10:46 AM, Christopher Kwiatkowski wrote:

> I am using the Jsecurity Plugin in a Grails application.
> I have a job that runs in the early morning hours and the  
> requirement is
> that no one can be logged into the web application while this job is
> running.  Otherwise, there could be ConcurrentModification exceptions.
> Is there a method in the SessionManager that will timeout or  
> invalidate
> all active Jsecurity sessions thereby logging out all active users in
> the system?
> I am under a time crunch to get this added to the system for tonight's
> release.  I apologize if this question has already been answered on  
> this
> mailing list.
> Cheers!
> - Christopher

View raw message