Tomcat provides an easy-to-use gui
for managing sessions for any web application that resides on it. This guide will detail how to first setup
the Tomcat manager and then how to find user sessions to force them off.
Part 1: Setting up the Tomcat ManagerFirst
note that you will need to ensure that your installation of Tomcat includes the "manager" webapp
. You can check this by going to "[tomcat]\webapps\" If you do not see the "manager" folder in this directory you will need to download and extract this application from here: http://tomcat.apache.org/download-60.cgi
You can find the "manager" application under \webapps\
- If you already have a tomcat manager user setup, you can skip this section
- First navigate on your server to the directory: [tomcat]\conf
- Open up the file called "tomcat-users.xml"
- Between the tags, add in the following lines:
- This sets the password to "tomcat", you can change this to whatever password you would like.
- Save the file and close it
- Restart your Tomcat server
Part 2: Using the Tomcat Manager
To get to the Tomcat Manager:
- From your server open up a browser and navigate to: http://localhost:8080
- You can also navigate to this anywhere from your domain, but if you have a re-direct setup you may have problems. You can get to the manager directly by going to: http://yourdomain:8080/manager/html
- Enter in the username and password you set up in the previous section. The default is username: manager, password: tomcat
- Locate the row containing /contour
- Click on the number listed in the column "sessions"
- You will see a page that looks like this:
- Use the column "Guessed User name" to locate the users you need to force off.
- Use the check-box on the left and click on "Invalidate selected Sessions", the selected users will now be forced off.
Do not worry about the number of sessions, Contour creates a session every time the login page is viewed, this does not count against your licensing allotment.
(Originally posted by Ryan Saul)