The key to this is not to kick the session out but to delete the permissions for this user. If the user has no permissions, they can't do anything even though the session still exists. I believe I had to clear the Shiro cache for the user, though, but I had a distributed cache going.
> On Aug 25, 2017, at 9:42 AM, Richard Wheeldon <[email protected]> wrote:
>
> Hi,
>
> I’m running into an issue whereby if an administrator deletes or removes
> access from a regular user but they’re currently logged on, the access is
> retained because it’s stored in the current session. I can easily log out the
> current user with Subject.logout() but I can’t see an obvious way within
> Shiro of kicking a session for a different user. Is there a simple way?
>
> Regards,
>
> Richard
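
The approach in the reply (remove the user's permissions, then evict that user's cached authorization data) could look like the following. This is an added example, not code from either poster or from the Shiro project; `RevocableRealm`, `addUser`, `revokeAll` and the in-memory maps are hypothetical stand-ins for a real realm and user store.

```java
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

/** Hypothetical realm; the maps stand in for the real user and permission store. */
public class RevocableRealm extends AuthorizingRealm {
    private final Map<String, String> credentials = new ConcurrentHashMap<>();
    private final Map<String, Set<String>> permissions = new ConcurrentHashMap<>();

    public void addUser(String username, String credential, Set<String> perms) {
        credentials.put(username, credential); // demo store only
        permissions.put(username, new HashSet<>(perms));
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String username = (String) token.getPrincipal();
        String credential = credentials.get(username);
        // Returning null tells Shiro that this realm does not know the account.
        return credential == null ? null
                : new SimpleAuthenticationInfo(username, credential, getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Only invoked on a cache miss, so a stale cache entry hides a revocation.
        String username = (String) getAvailablePrincipal(principals);
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setStringPermissions(new HashSet<>(permissions.getOrDefault(username, Set.of())));
        return info;
    }

    /** Called by the admin code path; works while the target user stays logged in. */
    public void revokeAll(String username) {
        permissions.remove(username);
        // Rebuild the same principal collection the session holds (same principal,
        // same realm name) so the default cache key matches, then evict the entry.
        clearCachedAuthorizationInfo(new SimplePrincipalCollection(username, getName()));
    }
}
```

After `revokeAll`, the next `isPermitted` or `checkPermission` call on the still-active session calls `doGetAuthorizationInfo` again and finds no permissions. With a shared or distributed cache manager, the eviction removes the entry from that shared cache.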
