import java.io.*; import java.util.*; import javax.servlet.*; import javax.servlet.http.*; public class ManualInvalidateScan extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { res.setContentType("text/plain"); PrintWriter out = res.getWriter(); // Get the current session object, create one if necessary HttpSession dummySession = req.getSession(true); // Use the session to get the session context HttpSessionContext context = dummySession.getSessionContext(); // Use the session context to get a list of session IDs Enumeration ids = context.getIds(); // Iterate over the session IDs checking for stale sessions while (ids.hasMoreElements()) { String id = (String)ids.nextElement(); out.println("Checking " + id + "..."); HttpSession session = context.getSession(id); // Invalidate the session if it's more than a day old or has been // inactive for more than an hour. Date dayAgo = new Date(System.currentTimeMillis() - 24*60*60*1000); Date hourAgo = new Date(System.currentTimeMillis() - 60*60*1000); Date created = new Date(session.getCreationTime()); Date accessed = new Date(session.getLastAccessedTime()); if (created.before(dayAgo)) { out.println("More than a day old, invalidated!"); session.invalidate(); } else if (accessed.before(hourAgo)) { out.println("More than an hour inactive, invalidated!"); session.invalidate(); } else { out.println("Still valid."); } out.println(); } } }