Retrieve and Invalidate Session using session id

We are storing all the HttpRequest session ids in the table. Assume 100 users are active in an application.

If I query the table, I will get all the session ids.

1. How to load the corresponding HttpRequestSession using the id?
2. How to invalidate a few sessions based on the user details?
Software Programmer Asked:
 
rrz Commented:
How to load the corresponding HttpRequestSession using the id?
I don't think you can do that. But you could store the reference to the HttpSession object in your table. I don't know if this idea would work in a server cluster. Anyway, I did some testing with the following code. It seems to work OK.
package rrz;

import java.util.Hashtable;
import javax.servlet.ServletContext;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

@WebListener
public class UsersListener implements HttpSessionListener {

    // Returns the application-scoped table (session id -> HttpSession), creating it on first use.
    @SuppressWarnings("unchecked")
    private static Hashtable<String, HttpSession> sessionTable(ServletContext application) {
        synchronized (UsersListener.class) {
            Hashtable<String, HttpSession> table =
                    (Hashtable<String, HttpSession>) application.getAttribute("sessionTable");
            if (table == null) {
                table = new Hashtable<>();
                application.setAttribute("sessionTable", table);
            }
            return table;
        }
    }

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        sessionTable(session.getServletContext()).put(session.getId(), session);
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        // Take the context from the event: this can run before sessionCreated
        // has ever been called here (for example, sessions restored after a restart).
        HttpSession session = event.getSession();
        sessionTable(session.getServletContext()).remove(session.getId());
        System.out.println(" id of session removed:  " + session.getId());
    }
}


and use this JSP to test
<%@ page import="java.util.*" %>
<%
    // Application-scoped table filled by UsersListener (session id -> HttpSession).
    Hashtable<String,HttpSession> sessionTable = (Hashtable<String,HttpSession>)application.getAttribute("sessionTable");
    // "d" carries the id of the session to invalidate.
    String idDelete = request.getParameter("d");
    if(idDelete != null && !"".equals(idDelete.trim())){
        HttpSession sessionDelete = sessionTable.get(idDelete);
        if(sessionDelete != null)sessionDelete.invalidate();
        sessionTable.remove(idDelete);
    }
    // List the ids of all sessions still in the table.
    out.print(" Ids in sessionTable <br/>");
    Set<String> ids = sessionTable.keySet();
    for(String id: ids){
        out.print(id + "<br/>");
    }
%>
<html>
<body>
<br/><br/>
My id is <%=request.getSession().getId()%><br/>
<form>
  Copy and paste id to be deleted <input type="text" name="d" size="25">
  <input type="submit" value="Delete Session with pasted id">
</form>
</body>
</html>


I used three different browsers on my desktop simultaneously to test.
How to invalidate a few sessions based on the user details?
Are those details in the table?
0
 
Software Programmer (Author) Commented:
Yes, session ids are stored in the MySQL table.
0
 
rrz Commented:
mysql table
That is different. You can't put an HttpSession reference in there. I am suggesting you use an application-scoped Hashtable.
0
 
Software Programmer (Author) Commented:
When will sessionDestroyed get executed? How can the session that is set in the Hashtable be accessed throughout the application so that it can be invalidated?
0
 
rrz Commented:
When will sessionDestroyed get executed?
Since we are using the @WebListener annotation, the Servlet container will call the sessionDestroyed method just before the session is destroyed. In my code, that can happen two ways: 1) the user has been inactive for the MaxInactiveInterval; 2) some user browses to the JSP, copies and pastes a session id into the text box, and clicks the submit button. In the scriptlet, the invalidate method is called on the session whose id was sent in the request parameter.
How can the session that is set in the Hashtable be accessed throughout the application so that it can be invalidated?
I made the Hashtable application-scoped. Therefore it is available in all Servlets, JSPs, and Filters. If you want to make it accessible in your classes, then look at the accepted solution at
https://www.experts-exchange.com/questions/21811332/JSP-Configuration-FIle.html
or look at my simplification just below Jim's answer.
0
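Added example, not part of the thread and not any poster's code: a listener that indexes live sessions by user rather than by session id, so that all sessions of one user can be invalidated from any class through a static method. It assumes a single server node, that the login code stores the user name in the session under the attribute `username`, and the class and package names are hypothetical.

```java
package example; // hypothetical package name

import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.*;

/** Tracks live sessions per logged-in user so all of a user's sessions can be ended. */
@WebListener
public class UserSessionRegistry implements HttpSessionListener, HttpSessionAttributeListener {
    // Assumption: the login code stores the user name in the session under this key.
    public static final String USER_ATTR = "username";
    private static final Map<String, Set<HttpSession>> BY_USER = new ConcurrentHashMap<>();

    private static void bind(Object user, HttpSession s) {
        if (user != null)
            BY_USER.computeIfAbsent(user.toString(), k -> ConcurrentHashMap.newKeySet()).add(s);
    }
    private static void unbind(Object user, HttpSession s) {
        Set<HttpSession> set = (user == null) ? null : BY_USER.get(user.toString());
        // Compare by current id so the match survives changeSessionId() at login.
        if (set != null) set.removeIf(x -> x.getId().equals(s.getId()));
    }

    @Override public void attributeAdded(HttpSessionBindingEvent e) {
        if (USER_ATTR.equals(e.getName())) bind(e.getValue(), e.getSession());
    }
    @Override public void attributeRemoved(HttpSessionBindingEvent e) {
        if (USER_ATTR.equals(e.getName())) unbind(e.getValue(), e.getSession());
    }
    @Override public void attributeReplaced(HttpSessionBindingEvent e) {
        if (!USER_ATTR.equals(e.getName())) return;
        unbind(e.getValue(), e.getSession()); // getValue() is the old user name
        bind(e.getSession().getAttribute(USER_ATTR), e.getSession());
    }
    @Override public void sessionCreated(HttpSessionEvent e) { /* nothing to track before login */ }
    @Override public void sessionDestroyed(HttpSessionEvent e) {
        // Called just before invalidation, so the attribute is still readable.
        unbind(e.getSession().getAttribute(USER_ATTR), e.getSession());
    }

    /** Invalidates every tracked session of the user; returns how many were ended. */
    public static int invalidateUser(String username) {
        Set<HttpSession> sessions = BY_USER.remove(username);
        if (sessions == null) return 0;
        int ended = 0;
        for (HttpSession s : sessions) {
            try { s.invalidate(); ended++; }
            catch (IllegalStateException alreadyInvalid) { /* timed out concurrently */ }
        }
        return ended;
    }
}
```

Call `UserSessionRegistry.invalidateUser(name)` only from code paths that have already checked the caller is an administrator.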
 
Software Programmer (Author) Commented:
How about using the Spring Security Context to get all the principal objects, retrieve the session and invalidate it? Is it safe to use, and is it the right way to invalidate another user's session in terms of security?
0
 
rrz Commented:
I don't use Spring.
0
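Added example, not part of the thread and not any poster's code: in Spring Security, the "get all the principal objects" approach asked about above corresponds to the `SessionRegistry` interface. The sketch assumes a `SessionRegistry` bean that is wired into concurrent session control, a registered `HttpSessionEventPublisher`, method security enabled, and an `ADMIN` role; the class name `SessionTerminator` is hypothetical.

```java
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;

@Service
public class SessionTerminator { // hypothetical class name

    private final SessionRegistry sessionRegistry;

    public SessionTerminator(SessionRegistry sessionRegistry) {
        this.sessionRegistry = sessionRegistry;
    }

    /** Marks every live session of the given user as expired; returns the count. */
    @PreAuthorize("hasRole('ADMIN')") // assumed role name; only administrators may end other users' sessions
    public int expireSessionsOf(String username) {
        int expired = 0;
        for (Object principal : sessionRegistry.getAllPrincipals()) {
            // Principals are usually UserDetails, but may be plain strings.
            String name = (principal instanceof UserDetails)
                    ? ((UserDetails) principal).getUsername()
                    : String.valueOf(principal);
            if (!name.equals(username)) {
                continue;
            }
            // false = skip sessions that are already marked expired
            for (SessionInformation info : sessionRegistry.getAllSessions(principal, false)) {
                info.expireNow();
                expired++;
            }
        }
        return expired;
    }
}
```

`expireNow()` only flags the session; the concurrent session filter invalidates it on that user's next request, so the registry must be part of the session-management configuration for this to take effect.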
 
Software Programmer (Author) Commented:
Please kindly re-route this question to a spring expert for an answer.
0
 
rrz Commented:
You can add the appropriate Spring tag yourself. Go to top and click on tag edit button.
0
 
Software Programmer (Author) Commented:
I'm unable to add the Spring tag from the beginning. It always throws the error "Please select at least one approved topic."
0
 
rrz Commented:
I guess you should ask a moderator.
0
 
Software Programmer (Author) Commented:
Rrz is correct. We can close this question. This has been resolved.
0
Question has a verified solution.
