You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by Christopher Kwiatkowski <ck...@uga.edu> on 2008/10/29 15:46:57 UTC
Invalidating All Active Sessions
I am using the Jsecurity Plugin in a Grails application.
I have a job that runs in the early morning hours and the requirement is
that no one can be logged into the web application while this job is
running. Otherwise, there could be ConcurrentModification exceptions.
Is there a method in the SessionManager that will timeout or invalidate
all active Jsecurity sessions thereby logging out all active users in
the system?
I am under a time crunch to get this added to the system for tonight's
release. I apologize if this question has already been answered on this
mailing list.
Cheers!
- Christopher
Re: Invalidating All Active Sessions
Posted by Christopher Kwiatkowski <ck...@uga.edu>.
I will give that a shot. I will report back as soon as I implement
something.
Thanks for the quick answer!
-----Original Message-----
From: Jeremy Haile <jh...@fastmail.fm>
Reply-To: jsecurity-dev@incubator.apache.org
To: jsecurity-dev@incubator.apache.org
Subject: Re: Invalidating All Active Sessions
Date: Wed, 29 Oct 2008 11:07:50 -0400
Currently the SessionManager interface doesn't allow you to invalidate
all sessions.
One idea for how to handle your situation:
1) The AbstractSessionManager allows you to register a
SessionListener. You could register one that monitors which session
IDs are currently active.
2) When your nightly job runs, you can then iterate through each
session ID and double-check that the session ID is valid by calling
isValid().
3) For valid sessions, you can then call SessionManager.stop() to stop/
invalidate that session.
I haven't tried this myself, so let me know if this works or doesn't
work for you!
Jeremy
On Oct 29, 2008, at 10:46 AM, Christopher Kwiatkowski wrote:
> I am using the Jsecurity Plugin in a Grails application.
> I have a job that runs in the early morning hours and the
> requirement is
> that no one can be logged into the web application while this job is
> running. Otherwise, there could be ConcurrentModification exceptions.
> Is there a method in the SessionManager that will timeout or
> invalidate
> all active Jsecurity sessions thereby logging out all active users in
> the system?
> I am under a time crunch to get this added to the system for tonight's
> release. I apologize if this question has already been answered on
> this
> mailing list.
> Cheers!
> - Christopher
>
>
>
Re: Invalidating All Active Sessions
Posted by Jeremy Haile <jh...@fastmail.fm>.
Currently the SessionManager interface doesn't allow you to invalidate
all sessions.
One idea for how to handle your situation:
1) The AbstractSessionManager allows you to register a
SessionListener. You could register one that monitors which session
IDs are currently active.
2) When your nightly job runs, you can then iterate through each
session ID and double-check that the session ID is valid by calling
isValid().
3) For valid sessions, you can then call SessionManager.stop() to stop/
invalidate that session.
I haven't tried this myself, so let me know if this works or doesn't
work for you!
Jeremy
On Oct 29, 2008, at 10:46 AM, Christopher Kwiatkowski wrote:
> I am using the Jsecurity Plugin in a Grails application.
> I have a job that runs in the early morning hours and the
> requirement is
> that no one can be logged into the web application while this job is
> running. Otherwise, there could be ConcurrentModification exceptions.
> Is there a method in the SessionManager that will timeout or
> invalidate
> all active Jsecurity sessions thereby logging out all active users in
> the system?
> I am under a time crunch to get this added to the system for tonight's
> release. I apologize if this question has already been answered on
> this
> mailing list.
> Cheers!
> - Christopher
>
>
>