All valid sessions are grouped together in a HttpSessionContext object. Theoretically, a server may have multiple session contexts, although in practice most have just one. A reference to the server's HttpSessionContext is available via any session object's getSessionContext() method:
public HttpSessionContext HttpSession.getSessionContext()
This method returns the context in which the session is bound. It throws an IllegalStateException if the session is invalid.
Once you have an HttpSessionContext, it's possible to use it to examine all the currently valid sessions with the following two methods:
public Enumeration HttpSessionContext.getIds()
public HttpSession HttpSessionContext.getSession(String sessionId)
The getIds() method returns an Enumeration that contains the session IDs for all the currently valid sessions in this context or an empty Enumeration if there are no valid sessions. getSession() returns the session associated with the given session ID. The session IDs returned by getIds() should be held as a server secret because any client with knowledge of another client's session ID can, with a forged cookie or URL, join the second client's session.
Remko (My website)
SCJP 1.5, SCWCD 1.4, SCDJWS 1.4, SCBCD 1.5, ITIL(Manager), Prince2(Practitioner), Reading/ gaining experience for SCEA,
Remko (My website)
SCJP 1.5, SCWCD 1.4, SCDJWS 1.4, SCBCD 1.5, ITIL(Manager), Prince2(Practitioner), Reading/ gaining experience for SCEA,
Originally posted by Remko Strating:
It's a shame that the methods are depreciated.
In my application I now log all the session id's into a database. But I don't have any method for sending a message to session. As I want to shutdown the server for updating, etc. This sounds for me very strange and I was happy that I found the methods.