import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class ManualInvalidateScan extends HttpServlet {

  public void doGet(HttpServletRequest req, HttpServletResponse res)
                               throws ServletException, IOException {
    res.setContentType("text/plain");
    PrintWriter out = res.getWriter();

    // Get the current session object, create one if necessary
    HttpSession dummySession = req.getSession(true);

    // Use the session to get the session context
    HttpSessionContext context = dummySession.getSessionContext();

    // Use the session context to get a list of session IDs
    Enumeration ids = context.getIds();

    // Iterate over the session IDs checking for stale sessions
    while (ids.hasMoreElements()) {
      String id = (String)ids.nextElement();
      out.println("Checking " + id + "...");
      HttpSession session = context.getSession(id);

      // Invalidate the session if it's more than a day old or has been
      // inactive for more than an hour.
      Date dayAgo = new Date(System.currentTimeMillis() - 24*60*60*1000);
      Date hourAgo = new Date(System.currentTimeMillis() - 60*60*1000);
      Date created = new Date(session.getCreationTime());
      Date accessed = new Date(session.getLastAccessedTime());

      if (created.before(dayAgo)) {
        out.println("More than a day old, invalidated!");
        session.invalidate();
      }
      else if (accessed.before(hourAgo)) {
        out.println("More than an hour inactive, invalidated!");
        session.invalidate();
      }
      else {
        out.println("Still valid.");
      }
      out.println();
    }
  }
}