Jeg vil gerne vide dig, at you are following the correct path for at ugyldiggøre brugersessionerne
usersSessions.forEach((session) -> {
sessionRegistry.getSessionInformation(session.getId()).expireNow();
});
Noget at bemærke
SessionInformation.expireNow()
er ikke meningen at fjerne poster fra redis databasen, tilføjer den bare den udløbne attribut til session, som du med rette nævnte.
Men hvordan ugyldiggør dette brugerens session?
Her kommer ConcurrentSessionFilter i spil hvor.doFilter() metoden gør det trick med automatically logging out
Her er uddraget til ConcurrentSessionFilter
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession(false);
if (session != null) {
SessionInformation info = sessionRegistry.getSessionInformation(session
.getId());
if (info != null) {
if (info.isExpired()) {
// Expired - abort processing
doLogout(request, response);
String targetUrl = determineExpiredUrl(request, info);
if (targetUrl != null) {
redirectStrategy.sendRedirect(request, response, targetUrl);
return;
}
else {
response.getWriter().print(
"This session has been expired (possibly due to multiple concurrent "
+ "logins being attempted as the same user).");
response.flushBuffer();
}
return;
}
else {
// Non-expired - update last request date/time
sessionRegistry.refreshLastRequest(info.getSessionId());
}
}
}
chain.doFilter(request, response);
}
Skål for det!