ok, the way to invalidate a session by sessionid should be following
add *HttpSessionEventPublisher*
add *ConcurrentSessionFilter* into filter chain
invoke method *SessionRegistryImpl.getSessionInformation(String
sessionId).expireNow()*
**
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer