Jakarta 4.0 provides a nice method from javax.servlet.http.HttpSessionContext called getSession(
String) that takes the sessionID, but it has been deprecated for security reasons. I can see why. But, I still need to invalidate a session from another session. Any ideas?
I am writing a security piece for a web application that allows a user to login on another user's session and take it over. The other user is logged out and would have to log in again (hopefully under another id.)