res.setContentType("text/plain");
PrintWriter out = res.getWriter();
// Get the current session object, create one if necessary
HttpSession dummySession = req.getSession(true);
// Use the session to get the session context
HttpSessionContext context = dummySession.getSessionContext();
// Use the session context to get a list of session IDs
Enumeration ids = context.getIds();
// Iterate over the session IDs checking for stale sessions
while (ids.hasMoreElements()) {
String id = (String)ids.nextElement();
out.println("Checking " + id + "...");
HttpSession session = context.getSession(id);
// Invalidate the session if it's more than a day old or has been
// inactive for more than an hour.
Date dayAgo = new Date(System.currentTimeMillis() - 24*60*60*1000);
Date hourAgo = new Date(System.currentTimeMillis() - 60*60*1000);
Date created = new Date(session.getCreationTime());
Date accessed = new Date(session.getLastAccessedTime());
if (created.before(dayAgo)) {
out.println("More than a day old, invalidated!");
session.invalidate();
}
else if (accessed.before(hourAgo)) {
out.println("More than an hour inactive, invalidated!");
session.invalidate();
}
else {
out.println("Still valid.");
}
out.println();
}