force all session log-out

i'm using spring+tapestry for authenticate webuser. I wonder is there any technique i can force all users that currently login in to logout let say i'm on scenario where the site is 'under maintenance mode'

p/s: will it able开发者_StackOverflow社区 to force all users' running process to finish and only force log out

---

Two things come to my mind:

• use HttpSessionListener to keep track of all sessions and invalidate them when the time comes. To use this you will need a Set of Session objects in your ServletContext (or less preferably - as a static field). Update that Set whenever a session is created or destroyed, and iterate the set when invalidation is needed.

• use a Filter (mapped to /*) where, if certain conditions (maintenance == true) are met, invalidate the current session. Thus all users will be logged out on their next action. This would work in cases when "maintenance mode" doesn't mean "stop the whole server", but rather means "no operations should be performed by users, I'm doing something important in the background that should not be interfered"

---

The problem is trying to let them finish the request and only then log them out. I assume if they hit save on a form, you want the data to be saved but then they should be redirected to the maintenance page. For GET requests, you can just log the user out if the maintenance flag is set. POSTs are a litle harder because you want to complete the request but then sign them out and redirect them to the maintenance page. I would try a request filter. Handle the request like normal, but then invalidate the session and use response.sendRedirect if the maintenance flag is set.

Another option would be to use a JavaScript timer in the layout - hit a page periodically to see if they should be logged out. That probably wouldn't let them finish their current request though.