Reputation: 736
Destroying specific user session in JSF
In my page I have administrative panel for managing users.
Assume I delete or block any user and this user is already logged into my webpage.
How can I destroy his/her session?
Users log in through j_security_check
(HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest().login(getUsername(), getPassword());
Using:
- JSF 2.1
- Primefaces 2.2.1
- Glassfish 3.1
Upvotes: 1
Views: 1903
Answers (2)
Reputation: 19027
You can make use of sesssionObject.invalidate() method to do so as follows.
HttpSession session=
(HttpSession)FacesContext.getCurrentInstance().getExternalContext().getSession(true);
session.invalidate();
The invalidate() method on a session object will destroy the current session which is going on.
Upvotes: 0
Reputation: 691715
You could put some "invalidated" flag in a application-level map, or in the database, and have a servlet filter check at each request that the current user's "invalidated" flag is not set.
Upvotes: 2
Related Questions
- session fixation - delete session after login and make a new session - but user is then not logged in anymore
- Changing the value of a JSF SessionScoped Bean to log out user
- How to destroy JSF session created after Http status 403
- Why shouldn't I destroy http session on user logout?
- JSF logout other users while maintaining my active session.
- Invalidate Session of a specific user
- Using servlet to log user out in Java EE application
- clear the session after logout
- JSF 2 - How to destroy a session-scoped bean
- JSF authentication logout