Hi Jim
Your concern about "in the middle of a request" is correct and chances of IllegalStateException
generation is high. But if think, you must do it, catch this exception and redirect
user to login page.

"Jim Donnelly" wrote:
>I am attempting to implement Session management functionality that will
>Administrators to view and if necessary end a User's or a given set of
>Users HTTP
>Sessions forcing them to re-logon. I am considering using HttpSession.invalidate()
>to end the sessions. This is fine so long as the user is not in the middle
>a request but if in the middle of a request I am concerned that it will
>some nasty errors.
>Is there a better way of safely ending sessions and if a session is invalidated
>mid request will this end the request?
>Thanks in advance for any info or suggestions.