Invalidate Session of a specific user

Question

So for my webapp, if I remove a user that is currently logged in, and I want to invalidate his/her session. So that as soon as he/she refresh the page or navigate, they are no l

Answer 1

I think you can use your approach (with some modifications proposed by @BalusC) plus some notification mechanism (to make it work in distributed environment). You can do one of the following:

1. Use a topic queue subscribed by all your servers. When you remove user from your admin panel the JMS message will be created and sent to the topic. Every server will be responsible for invalidating the user session if it exists on the particular server (if the session is referenced in servletContext map).
2. Implement some action to invalidate the user session and run this action on every server in the cluster (The admin panel should send HTTP request to every server).
3. Use JGroups and TCP reliable multicast.

All of these solutions are not simple but much faster than polling the DB server on every request.