Hmm, well, not that I know of. I mean, it would be a security breech for one user session to be able to see any other user's session, regardless of the user's role.
How this is usually acomplished, from my personal experience, is to use HttpSessionListener. Basically, when a user logs in you would want to either store a flag in a database that says that user is logged in or store something in Application scope. When the user logs off and/or the user's session is invalidated, change said flag.
What I meant was if user a was able to see user b's session for whatever reason, you wouldn't be able to limit that to a role based situation. It wouild either be all or nothing, so it wouldn't be a secure thing to have availabel in the API, imho.
Joined: Aug 20, 2002
We have about 1000 users worldwide, suppose if we need to perform a maintence work like restarting some of the services, deploying new build , it should not destroy their work.