users@glassfish.java.net

Re: Invalidating user sessions

From: Larry White <Larry.White_at_Sun.COM>
Date: Sun, 23 Dec 2007 17:52:43 -0800

Hi Jose:

Here is a suggested solution. There are security issues involved in having
a servlet with this kind of capability but I'm assuming you already
understand that risk. I'm assuming that this application is running on a
single instance of GlassFish.

Part 1: "Data Gathering"
You want your servlet to be able to keep track of all sessions created.
If you make your servlet implement this interface
(javax.servlet.http.HttpSessionListener) you will get a sessionCreated
event firing for every session for your app created or activated on your
instance. This includes (for example) if session "a" got created first on
instance1 then your listener on instance1 gets fired.

So based on this you will have a data structure (I would recommend some
kind of weak map) on your servlet. In it would be a map from sessionids
to the actual session objects.

Part 2: "Processing the request to invalidate a list of sessionids
(locally)."
For the local instance, this would mean simply iterating over your map,
attempting to get each of the ids and for those you find, I guess your
intention is to call invalidate(). (Some you will not find because they
have either already gone through invalidation or expiration.) Also, for
housekeeping, as you finish with each key in your structure you should
remove it (to avoid a memory leak). That's also the thinking behind our
recommendation to use a weak map.

Hope this helps.

Jose Noheda wrote:

> Hi,
>
> We need to retrieve and invalidate all user sessions where the user
> happens to have a specific attribute. Is this possible? How can we get
> a handle to other users' sessions?
>
> Regards,
>
> JoSE
> ====
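
The listener-plus-map approach described in the reply above, applied to the attribute-based case from the original question, as an added example that is not part of the original thread or of GlassFish. The class name SessionRegistry and the method invalidateWhere are hypothetical; the map holds weak references as its values (one way to get a "weak map") and is also cleaned up in sessionDestroyed. It assumes a single instance and that whatever calls invalidateWhere has already authorized the request.

```java
import java.lang.ref.WeakReference;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Hypothetical class; register it with a <listener> element in web.xml.
public class SessionRegistry implements HttpSessionListener {

    // Session id -> weakly referenced session, so the registry never pins a dead session.
    private static final Map<String, WeakReference<HttpSession>> SESSIONS =
            new ConcurrentHashMap<>();

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        SESSIONS.put(session.getId(), new WeakReference<>(session));
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        // Housekeeping: drop the entry when the container expires or invalidates it.
        SESSIONS.remove(event.getSession().getId());
    }

    // Invalidates every tracked session whose attribute `name` equals the non-null `value`.
    // Assumption: the caller (e.g. an admin-only servlet) has already checked authorization.
    public static int invalidateWhere(String name, Object value) {
        int invalidated = 0;
        for (Map.Entry<String, WeakReference<HttpSession>> entry : SESSIONS.entrySet()) {
            HttpSession session = entry.getValue().get();
            boolean drop = (session == null); // referent already garbage collected
            try {
                if (session != null && value.equals(session.getAttribute(name))) {
                    session.invalidate();
                    invalidated++;
                    drop = true;
                }
            } catch (IllegalStateException alreadyInvalid) {
                drop = true; // expired or invalidated elsewhere in the meantime
            }
            if (drop) {
                SESSIONS.remove(entry.getKey()); // safe during ConcurrentHashMap iteration
            }
        }
        return invalidated;
    }
}
```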