Store and invalidate Java HttpSession from different user

Question

Okay. What I want to do is be able to, when I update a user, invalidate any session that they currently have in order to force a refresh of credentials. I don\'t care about bein

Answer 1

There's no straight forward way. The easiest way I can think of is to keep a flag on the database (or a cahche) and check it's validity on each request.

Or you can implement a HTTP Session listener and keep a HashMap of user sessions that can be accessed and invalidated.

I haven't tried any of these out so I don't know of any performance issues. But it should be acceptable for most applications.