here's my problem. I have a web app that's deployed on a tomcat cluster. i have a requirement in the application, that the admin can kill some user sessions when he wishes. for that we need the session details of all the users which we can save it in the application. now, the problem is that, how do we know which session is attached with which tomcat instance of the cluster?
is there a way, where we can get this information or , can we send information to the proxy server, etc. to kill the required user session ?
please help. any other suggestions are also welcome.
maybe in your application if you created a HttpSessionListener that maintained your own administrative map of sessions. this would allow your admin module to get a handle on the session object. while not being able to delete them, you could remove all of the session attributes from the session(which depending on what your app stores in the session, should cause the user to get booted) and set the maxInactiveInterval to 1 second, which would cause it to be deleted right away.
for finding the user, you could have an application convention of storing the user's login name as a session attribute that this administrative session manager would be able to show.