码迷,mamicode.com
首页 > 其他好文 > 详细

Shiro的校验Session是否过期处理的过程

时间:2018-05-19 17:12:46      阅读:991      评论:0      收藏:0      [点我收藏+]

标签:instance   它的   after   sig   prope   间隔   nat   top   active   

首先开启定时扫描活跃的session进行校验

<!-- shiro会话管理 -->
    <!-- 即用户登录后就是一次会话,在没有退出之前,它的所有信息都在会话中;会话可以是普通 JavaSE 环境的,也可以是如 Web 环境的 -->
    <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
        <property name="cacheManager" ref="redisCacheManager"/>
        <property name="sessionDAO" ref="redisSessionDAO"/>
        <property name="sessionIdCookie" ref="simpleCookie"/>
        <!-- 全局的会话信息时间,,单位为毫秒  -->
        <property name="globalSessionTimeout" value="60000"/>
        <!-- 检测扫描信息时间间隔,单位为毫秒-->
        <property name="sessionValidationInterval" value="60000"/>
        <!-- 是否开启扫描 -->
        <property name="sessionValidationSchedulerEnabled" value="true"/>
        <!-- 去掉URL中的JSESSIONID -->
        <property name="sessionIdUrlRewritingEnabled" value="false"/>
    </bean>

然后看源代码

AbstractValidatingSessionManager类中的validateSessions()

public void validateSessions() {
        if (log.isInfoEnabled()) {
            log.info("Validating all active sessions...");
        }

        int invalidCount = 0;

        Collection<Session> activeSessions = getActiveSessions();

        if (activeSessions != null && !activeSessions.isEmpty()) {
            for (Session s : activeSessions) {
                try {
                    //simulate a lookup key to satisfy the method signature.
                    //this could probably stand to be cleaned up in future versions:
                    SessionKey key = new DefaultSessionKey(s.getId());
                    validate(s, key);
                } catch (InvalidSessionException e) {
                    if (log.isDebugEnabled()) {
                        boolean expired = (e instanceof ExpiredSessionException);
                        String msg = "Invalidated session with id [" + s.getId() + "]" +
                                (expired ? " (expired)" : " (stopped)");
                        log.debug(msg);
                    }
                    invalidCount++;
                }
            }
        }

        if (log.isInfoEnabled()) {
            String msg = "Finished session validation.";
            if (invalidCount > 0) {
                msg += "  [" + invalidCount + "] sessions were stopped.";
            } else {
                msg += "  No sessions were stopped.";
            }
            log.info(msg);
        }
    }

做校验的方法是validate(s, key);

protected void validate(Session session, SessionKey key) throws InvalidSessionException {
        try {
            doValidate(session);
        } catch (ExpiredSessionException ese) {
            onExpiration(session, ese, key);
            throw ese;
        } catch (InvalidSessionException ise) {
            onInvalidation(session, ise, key);
            throw ise;
        }
    }

validate(session, key)说明:
AbstractValidatingSessionManager.validate(Session session, SessionKey key)方法中,如果是session有效期过期了,这会调用onExpiration(Session s, ExpiredSessionException ese, SessionKey key)方法,该方法中onExpiration(s)调用ShiroCache类,删除shiro_redis_session:shiro-activeSessionCache:的session信息;afterExpired(s)调用RedisSessionDAO类,删除shiro_redis_session:的session信息

Shiro的校验Session是否过期处理的过程

标签:instance   它的   after   sig   prope   间隔   nat   top   active   

原文地址:https://www.cnblogs.com/OnlyCT/p/9060533.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!