We need a functionality of killing a specific session (by session ID) from some

Question

0

Editorial Team

Asked: June 4, 20262026-06-04T07:33:12+00:00 2026-06-04T07:33:12+00:00

We need a functionality of killing a specific session (by session ID) from some

0

We need a functionality of killing a specific session (by session ID) from some kind of an admin panel.

I attempted using the following approach:

public static void killSession(String sid) {

    HttpSessionContext sc = FacesUtil.getSession().getSessionContext();
    HttpSession session=sc.getSession(sid);        

    session.invalidate();
}

However

HttpSessionContext, and getSessionContext() and
getSession(sessionId) methods of a session are all deprecated (for seemingly paranoid security reasons)
The above code also gets a null session when invoked in an ApplicationScoped JSF managed bean

I’m seeking an alternative way of achieving the functionality.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-04T07:33:13+00:00

Editorial Team

2026-06-04T07:33:13+00:00Added an answer on June 4, 2026 at 7:33 am

Yes, you can’t invalidate session from another session due to security reasons. What you can do is to manually store all sessions in some static attribute available to admin. So user logs in, you add him and his session to this attribute (usually a Map/HashMap with user as a key and session as value).

Look at my older answer here and you will get an idea.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

We need a functionality of killing a specific session (by session ID) from some

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply