I have got a ServletContextListener that does initialization and cleanup for my webapp. I was wondering if there was a way to: 1. Get the pool of sessions for my webapp (as a collection on which i can iterate or enumerate). this would allow me to call session.invalidate on all these session objects. 2. Invalidate all sessions to my webapp in this Listener ? If not, in what way can I invalidate all sessions when i start / reload my webapp ? Thanks
Before writing code to do this, I was wanting to know if the container provided any mechanism to do this. For invalidating sessions it seems Tomcat's server.xml can be tweaked to include: <Manager className="org.apache.catalina.session.PersistentManager" debug="0" saveOnRestart="false" maxActiveSessions="-1" minIdleSwap="-1" maxIdleSwap="-1" maxIdleBackup="-1"> <Store className="org.apache.catalina.session.FileStore"/> </Manager> The problem is that even after doing the above, it does not work for me. I did the following test to test my webapp after i put the above in the server.xml: 1. started tomcat. 2. started a browser, logged into MyApp and used it. 3. stopped tomcat and restarted tomcat . (kept the browser window that i was using in step 2 open). 4. went back to my browser window from step 2 and tried to continue using my MyApp by clicking on one of the links to a jsp page. The browser showed me a blank window - AT THIS POINT I checked the session attribute and it was still existing. My code that redirects the user to the login page checks to see if this attribute is not there or is false. Since its present and is true it does not redirect the user. The only way i can redirect the user to the login page is by invalidating the session he or she is using . For this i made the change to the server.xml. Any ideas why this isnt working ?