User Session Terminator Portlet - Websphere

This is a discussion on User Session Terminator Portlet - Websphere ; I have a question as to the feasibility of creating a portlet that provides an administrator the ability to list currently logged on users (I know how to do this, its pretty straight forward) and to terminate their sessions (I ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: User Session Terminator Portlet

  1. User Session Terminator Portlet


    I have a question as to the feasibility of creating a portlet that provides an administrator the ability to list currently logged on users (I know how to do this, its pretty straight forward) and to terminate their sessions (I don't know how to do this).

    I don't know if it is possible to kill another user's session and LTPA cookie from a portlet. Does anyone have experience doing this, or is this even doable?

    I have looked at WSSecurityHelper.revokeSSOCookies(HttpServletReq, HttpServletRes), but I don't think this can be implemented down at the portlet level, plus how can I access another user's request and response objects.

    Thanks in advance!

  2. Re: User Session Terminator Portlet

    Hi montqco,

    How did you approach the listing of the current logged-in users? We have a similar request for preventing duplicate logins (prevent the user from logging twice in the system).

    Thanks


  3. Re: User Session Terminator Portlet

    Jim,

    All I did was create a class that extends HttpSessionListener. Then I registered the listener in my web.xml file for my login portlet.


    listens for session creation events
    SessionListener
    yourclassnamehere


    When a user logs in, the sessionCreated(HttpSessionEvent event) method of the listener is invoked. When a session is destroyed, the sessionDestroyed(HttpSessionEvent event) method is called by your web container. I then store of the session info into a static HashMap in a helper class which runs in our commons project. Hope this helps.

    Colby

  4. Re: User Session Terminator Portlet

    Thanks a lot for quick replying. Yes, httpsessionlistener is the most obvious way to go, but you also count the users who have closed their browser and have their session open.

    This is why I am looking for a more "active" way (or an extension to what you are suggesting) of knowing whether a user is still "on", meaning logged-in and having an open browser window. If the user closed his/her browser then the session must be immediately end. This is the gap I'm having now.

+ Reply to Thread