Retrieve and Invalidate Session using session id

We are storing all the HttpRequest session id in the table. Assume 100 users are active in an application.

If i query the table, i will get all the session ids.

1. How to load the corresponding HttpRequestSession using the id ??
2. How to invalidate few session based on the user details ??
Software ProgrammerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rrzCommented:
How to load the corresponding HttpRequestSession using the id ??
I don't think you can do that. But, you could store the reference to the  HttpSession object in your table.  I don't know if this idea would work in a server cluster. Anyway, I did some testing with the following code. It seems to work ok.
package rrz;   
 import java.io.*;
 import java.util.*;
 import javax.servlet.*;
 import javax.servlet.http.*;
 import javax.servlet.annotation.WebListener;
 @WebListener
 public class UsersListener implements HttpSessionListener {
    private Hashtable sessionTable = null;
	ServletContext application = null;
    public void sessionCreated(HttpSessionEvent event) {
		HttpSession session = event.getSession();
		if(application == null)application = event.getSession().getServletContext();
	    sessionTable = (Hashtable)application.getAttribute("sessionTable");
        if(sessionTable == null){
            application.setAttribute("sessionTable",new Hashtable());  
            sessionTable = (Hashtable)application.getAttribute("sessionTable");
        }
        sessionTable.put(session.getId(), session); 
    }
    public void sessionDestroyed(HttpSessionEvent event) {
        sessionTable = (Hashtable)application.getAttribute("sessionTable");
        HttpSession session = event.getSession();
        sessionTable.remove(session.getId());
        System.out.println(" id of session removed:  " + session.getId());
    }
 }

Open in new window

and use this JSP to test
<%@ page import="java.util.*" %>
 <%
	Hashtable<String,HttpSession> sessionTable = (Hashtable<String,HttpSession>)application.getAttribute("sessionTable");
	String idDelete = request.getParameter("d");
	if(idDelete != null && !"".equals(idDelete.trim())){
		HttpSession sessionDelete = sessionTable.get(idDelete);
		if(sessionDelete != null)sessionDelete.invalidate();
		sessionTable.remove(idDelete);
	}
	out.print(" Ids in sessionTable <br/>");
	Set<String> ids = sessionTable.keySet();
	for(String id: ids){
	  out.print(id + "<br/>");
	}
 %>
 <html>
 <body>
 <br/><br/>
 My id is <%=request.getSession().getId()%><br/>
  <form>
  Copy and paste id to be deleted <input type="text" name="d" size="25">
  <input type="submit" value="Delete Session with pasted id">
</form>
 </body>
</html>

Open in new window

I used three different browsers on my desktop simultaneously  to test.
How to invalidate few session based on the user details ??
Are those details in the table?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Software ProgrammerAuthor Commented:
Yes session ids are stored in the mysql table
0
rrzCommented:
mysql table
That is different. You can't put a HttpSession reference in there. I am suggesting you use an application-scoped Hashtable.
0
C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

Software ProgrammerAuthor Commented:
When the sessionDestroyed will get executed ?? How to access the session throughout the application which is being set in hashtable so that to make it invalidate ???
0
rrzCommented:
When the sessionDestroyed will get executed ??
Since we are using the @WebListener annotation, the Servlet container will call the sessionDestroyed method just before the session will be destroyed. In my code, that can happen two ways. 1) the user has been inactive for the MaxInactiveInterval   2) some user browses to the JSP and copy and pastes a session id into the text box and clicks the submit button. In the scriptlet, the invalidate method is called on the session whose id was sent in the request parameter.
How to access the session throughout the application which is being set in hashtable so that to make it invalidate ???
I made the Hashtable application-scoped. Therefore it is available in all Servlets, JSPs, and Filters. If you want to make it accessible in your classes, then look at the accepted solution at
https://www.experts-exchange.com/questions/21811332/JSP-Configuration-FIle.html 
or look at my simplification just below Jim's answer.
0
Software ProgrammerAuthor Commented:
How about using Spring Security Context and get all the principal objects and retrieve the session and invalidate it? Is it safe to use it or right way to invalidate the other user's session in terms of security ?
0
rrzCommented:
I don't use Spring.
0
Software ProgrammerAuthor Commented:
Please kindly re-route this question to a spring expert for an answer.
0
rrzCommented:
You can add the appropriate Spring tag yourself. Go to top and click on tag edit button.
0
Software ProgrammerAuthor Commented:
I'm unable to add the spring tag from the beginning. it always throws error - "Please select at least one approved topic."
0
rrzCommented:
I guess you should ask a moderator.
0
Software ProgrammerAuthor Commented:
Rrz is correct..We can close this question..This has been resolved.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java

From novice to tech pro — start learning today.