Hi Jim
Your concern about "in the middle of a request" is correct and chances of IllegalStateException
generation is high. But if think, you must do it, catch this exception and redirect
user to login page.
Cheers
KP

"Jim Donnelly" wrote:
>
>Hi,
>
>I am attempting to implement Session management functionality that will
>allow
>Administrators to view and if necessary end a User's or a given set of
>Users HTTP
>Sessions forcing them to re-logon. I am considering using HttpSession.invalidate()
>to end the sessions. This is fine so long as the user is not in the middle
>of
>a request but if in the middle of a request I am concerned that it will
>cause
>some nasty errors.
>
>Is there a better way of safely ending sessions and if a session is invalidated
>mid request will this end the request?
>
>Thanks in advance for any info or suggestions.
>
>Jim