I want to invalidate sessions of users based on some Event. I store their sessionID, how to get their HttpSession from this ID? The HttpSessionContext class is deprecated with no replacement.
The methods that are already doing this are deprecated. But you can implement the your idea useing HttpSessionListener, when a new session is created store it in a HashMap with session id as a key and object is actual HttpSessionObject. You can get the reference by this.
Servlet 2.2 specifically deprecated this for security reasons so there shouldn't be any official way to do this. Not recommended but you can can try to use Manager.findSession() if you use Tomcat.
I just removed HttpSession from my application. It's really hard to keep sessions in sync when many servers are running. We tried to tweak it by writing our own manager but can never get it work right. Finally, we wrote our own session implementation with about 500-lines of code and it works much better.