I'm using Spring + Tapestry to authenticate web users. I wonder, is there any technique I can use to force all users that are currently logged in to log out, let's say in a scenario where the site is in 'under maintenance mode'?

P.S.: Will it be able to force all users' running processes to finish and only then force log out?

A: 

I don't know anything about the technologies that you are talking about, but when I've wanted to do this in similar languages I would delete the server copy of their session caches.

plod
@plod What do you mean by deleting server session caches? Do you mean doing it in the application server's manager?
cometta
Server sessions are usually cached in files or in a database, like in /tmp or somewhere similar; deleting these files causes all your users to be logged off.
plod
+3  A: 

Two things come to my mind:

  • use HttpSessionListener to keep track of all sessions and invalidate them when the time comes. To use this you will need a Set of Session objects in your ServletContext (or less preferably - as a static field). Update that Set whenever a session is created or destroyed, and iterate the set when invalidation is needed.

  • use a Filter (mapped to /*) where, if certain conditions (maintenance == true) are met, invalidate the current session. Thus all users will be logged out on their next action. This would work in cases when "maintenance mode" doesn't mean "stop the whole server", but rather means "no operations should be performed by users, I'm doing something important in the background that should not be interfered with".

Bozho
@Bozho I like your idea
cometta
The 2nd is not an option; you have to wait for the next action or for the timeout. And a timeout means the session is already destroyed, so what is there to force then? As for the 1st option, I don't see how it will be of any help. It just has 2 methods which will be invoked on particular events. How it will force logout, I don't know. It might be helpful in performing some operation on session destroyed, but that's not the concern.
Adeel Ansari
@Adeel Ansari The second option would work in case the maintenance mode doesn't mean "stop the server", but rather "stop all user operations". I've had a similar scenario. The first option - I said "keep track" - that would mean to store a reference to each session on creation (either in a static variable or in the servletContext preferably) and access them whenever needed.
Bozho
Ah fair enough. Thanks.
Adeel Ansari
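
Added example, not part of the original answers or comments: a sketch of the first option above (an HttpSessionListener that keeps a Set of sessions in the ServletContext and invalidates them on demand). It assumes the javax.servlet API on Servlet 3.0+ and Java 8; the class name `SessionRegistry`, the attribute key and the `invalidateAll` method are hypothetical.

```java
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletContext;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/** Hypothetical class: tracks live sessions so they can all be invalidated at once. */
@WebListener
public class SessionRegistry implements HttpSessionListener {

    // Hypothetical ServletContext attribute key under which the Set is stored.
    public static final String ATTR = "activeSessions";

    @SuppressWarnings("unchecked")
    private static Set<HttpSession> sessions(ServletContext ctx) {
        synchronized (ctx) { // create the Set exactly once per web application
            Set<HttpSession> set = (Set<HttpSession>) ctx.getAttribute(ATTR);
            if (set == null) {
                set = ConcurrentHashMap.newKeySet();
                ctx.setAttribute(ATTR, set);
            }
            return set;
        }
    }

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        sessions(se.getSession().getServletContext()).add(se.getSession());
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        // Also fires on timeout and normal logout, so the Set does not grow without bound.
        sessions(se.getSession().getServletContext()).remove(se.getSession());
    }

    /** Call from an admin-only action when maintenance starts; returns how many sessions were ended. */
    public static int invalidateAll(ServletContext ctx) {
        int count = 0;
        // Iterate over a snapshot: invalidate() triggers sessionDestroyed(), which mutates the Set.
        for (HttpSession s : sessions(ctx).toArray(new HttpSession[0])) {
            try {
                s.invalidate();
                count++;
            } catch (IllegalStateException alreadyInvalid) {
                // Timed out or invalidated concurrently; nothing left to do.
            }
        }
        return count;
    }
}
```

Invalidation happens on the server, so a browser that still presents the old session cookie is treated as unauthenticated on its next request. The Set holds the session objects themselves rather than their ids, so a container changing a session's id after login does not leave a stale entry.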
+1  A: 

The problem is trying to let them finish the request and only then log them out. I assume if they hit save on a form, you want the data to be saved but then they should be redirected to the maintenance page. For GET requests, you can just log the user out if the maintenance flag is set. POSTs are a little harder because you want to complete the request but then sign them out and redirect them to the maintenance page. I would try a request filter. Handle the request like normal, but then invalidate the session and use response.sendRedirect if the maintenance flag is set.

Another option would be to use a JavaScript timer in the layout - hit a page periodically to see if they should be logged out. That probably wouldn't let them finish their current request though.

Brian Deterling
@ya, JavaScript matter would be good
cometta