Actually, the Servlet 2.3 spec addresses this. There's a new interface introduced called the HttpSessionListener. You have to register implementations of the same in your web.xml. It basically gets notifications of every session creation or destruction. You could capture these events, and so maintain the list of all active sessions in a singleton datastructure. As and when a user is deleted from the system, get the user's session from the singleton and invalidate it.
Regarding your first requirement - to be able to list everyone logged into the system - you might want to maintain a field on your user table in the database which indicates the same. That would allow you to query the list of all logged in users effectively even when you're running a cluster of several servlet engines, rather than returning only the users with sessions on the servlet engine that you happen to be directed to in the cluster. Ashwin -----Original Message----- From: Michael Weller [mailto:[EMAIL PROTECTED]] Sent: Monday, November 12, 2001 6:21 PM To: [EMAIL PROTECTED] Subject: Re: HttpSession problem hi, i would keep a separate List in my servlet to keep the sessions. Use HttpSessionBindingListener to find out if a session that keeps a object implementing this interface has been invalidated or has timed out. -mw ----- Original Message ----- From: "James Ross Nicoll" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, November 12, 2001 12:56 PM Subject: HttpSession problem > I'm writing a system which uses HttpSession instances to hold a username > for people logged into the system. It would be useful to be able to list > everyone currently connected to the system, as well as invalidate a user's > session if that user was deleted from the system. > > Maintaining a list of users which have logged in, and removing them from > the list as they log out would be fine, except that if they don't log out, > but instead just leave their session to timeout, this wouldn't be caught. > This would also provide no capability to invalidate sessions, from a > different session. > > My second idea was to maintain a list of the instances, however I cannot > find any way to check that a session is still valid, incase one times out. > > The last possibility would have been to keep a list of session IDs, and > use HttpSessionContext.getSession () to fetch sessions as necessary, > however the HttpSessionContext.getSession () has been deprecated, with not > replacement AFAIK. > > Does anyone have any suggestions as to possible solutions? > > ___________________________________________________________________________ > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body > of the message "signoff SERVLET-INTEREST". > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > Resources: http://java.sun.com/products/servlet/external-resources.html > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html > ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
