| Author |
session ID
|
deepak mundhada
Greenhorn
Joined: May 10, 2012
Posts: 5
|
|
I am developing a product in which there is a ADMIN who can create number of USERS by giving their profile details and password too. these USER can perform certain tasks on this application by logging in from any computer.
Problem -:
If ADMIN deletes any USER from the same application on any computer and if this USER have logged in on any other computer before deletion performed, so even after account deletion , USER is able to perform all operations until he logs out once.
Thought -:
If ADMIN could invalidate the session when he deleting his account, then could solve. But how to know session of this logged in & getting deleted USER???
If you have understood, please reply me soon...............
|
 |
Bill Gorder
Bartender
Joined: Mar 07, 2010
Posts: 1282
|
|
One option is to use SessionRegistry
From that you can get the SessionInformation
and call expireNow()
from the API docs
Sessions have three states: active, expired, and destroyed. A session can that is invalidated by session.invalidate() or via Servlet Container management is considered "destroyed". An "expired" session, on the other hand, is a session that Spring Security wants to end because it was selected for removal for some reason (generally as it was the least recently used session and the maximum sessions for the user were reached). An "expired" session is removed as soon as possible by a Filter.
|
[How To Ask Questions][Read before you PM me]
|
|
deepak mundhada
Greenhorn
Joined: May 10, 2012
Posts: 5
|
|
Thanks for reply!
But would i be able to stop that USER having logged in to the system when ADMIN at same time deleting that USER???
|
|
Bill Gorder
Bartender
Joined: Mar 07, 2010
Posts: 1282
|
|
|
Well when you delete the user you would get his active session if it exists and expire it. This should cause him to be redirected to the login page.
|
|
 |
|
|
subject: session ID
|
|
|
0
