To allow an admin to lock a user, I use the service org.moqui.impl.UserServices.disable#UserAccount, but after doing this, the user can still perform functions on the system if the session has not expired. How can I make the user’s session expire immediately after calling the disable#UserAccount service?
              
              
              1 Like
            
          I never did this… but try it out:
ec.getWeb().getSession().invalidate();
            
              
              
              2 Likes
            
          ec.getWeb().getSession().invalidate();
It seems not to resolve my issue, because I want to log out the user who is disabled by the admin user, so I think I need to get the session of the disabled user (based on userId or something), then invalidate() this session.
              
              
              2 Likes
            
          To do something like this, something would have to be checked with each web/etc request to see if it should be rejected. This is done with the UserAccount.hasLoggedOut flag, which is meant for a purpose like this (user logs out of one session, effectively logged out of all sessions) and it is checked on each request.
              
              
              3 Likes
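
Added example, not part of the original posts and not Moqui code: a minimal Python model of the behaviour discussed in this thread, where invalidating a session ends only that session, while a per-account flag checked on every request ends all of the account's sessions at their next request. The `App` class, its methods and the `has_logged_out` key (standing in for `UserAccount.hasLoggedOut`) are hypothetical names, and the sample users are constructed.

```python
import secrets

class App:
    """Constructed model, not Moqui code. All names are hypothetical."""
    def __init__(self):
        self.accounts = {}   # user_id -> {"disabled": bool, "has_logged_out": bool}
        self.sessions = {}   # session token -> user_id

    def login(self, user_id):
        acct = self.accounts.setdefault(
            user_id, {"disabled": False, "has_logged_out": False})
        if acct["disabled"]:
            raise PermissionError("account disabled")
        acct["has_logged_out"] = False       # a fresh login clears the flag
        token = secrets.token_urlsafe(16)
        self.sessions[token] = user_id
        return token

    def invalidate(self, token):
        # Like session.invalidate(): ends only the session it is called on.
        self.sessions.pop(token, None)

    def disable_account(self, user_id, force_logout):
        # Admin action on the account record; no handle on the target's
        # sessions is needed.
        acct = self.accounts[user_id]
        acct["disabled"] = True
        if force_logout:
            acct["has_logged_out"] = True    # models UserAccount.hasLoggedOut

    def handle_request(self, token):
        user_id = self.sessions.get(token)
        if user_id is None:
            return 401
        if self.accounts[user_id]["has_logged_out"]:
            del self.sessions[token]         # flag seen: drop session, reject
            return 401
        return 200

def demo():
    app = App()
    admin = app.login("admin")
    s1, s2 = app.login("alice"), app.login("alice")   # two open sessions
    app.invalidate(admin)                    # affects the admin's session only
    before = [app.handle_request(s) for s in (s1, s2)]
    app.disable_account("alice", force_logout=False)
    disabled_only = [app.handle_request(s) for s in (s1, s2)]
    app.disable_account("alice", force_logout=True)
    flagged = [app.handle_request(s) for s in (s1, s2)]
    return before, disabled_only, flagged
```

`demo()` returns the status codes for both of the user's sessions before the account is disabled, after it is disabled without the flag, and after the flag is set.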
            
          That's great! Thank you so much, Jones
              
              
              1 Like