How to remove a "unknown user"-session

Question

If I logout a user from it's session (session.logoutSessionUser()), the session is still existing with an "unknown user".

    ISecurityManager secMgr = SecurityManager.getSecurityManager();
    for (ISession ssn : secMgr.getSessions()) {
        if (ssn.getSessionUserName().equalsIgnoreCase("xyz")) {
            ssn.logoutSessionUser();
        }           
    }

The session disappears only after a timeout (that might be the timeout defined in the tomcat configuration)

However: Is there a way to close/kill a session immediately after logging out a user?

Accepted Answer

1

Hi Stefan

Do you want to destroy the ivy session or the http session? You can destroy the ivy session by using the following API:

ssn.getSecurityContext().destroySession(ssn.getIdentifier());

The http session will not be destroyed by this call. However, there is an open issue XIVY-1091 in our issues database for this.

Regards

Reto Weiss, Axon.ivy Support

link

answered 27.03.2019 at 10:30

Reto Weiss ♦♦
4.9k●20●28●57
accept rate: 74%

How to remove a "unknown user"-session

Follow this question

Related questions