首先开启定时扫描活跃的session进行校验
然后看源代码
AbstractValidatingSessionManager类中的validateSessions()
public void validateSessions() { if (log.isInfoEnabled()) { log.info("Validating all active sessions..."); } int invalidCount = 0; Collection activeSessions = getActiveSessions(); if (activeSessions != null && !activeSessions.isEmpty()) { for (Session s : activeSessions) { try { //simulate a lookup key to satisfy the method signature. //this could probably stand to be cleaned up in future versions: SessionKey key = new DefaultSessionKey(s.getId()); validate(s, key); } catch (InvalidSessionException e) { if (log.isDebugEnabled()) { boolean expired = (e instanceof ExpiredSessionException); String msg = "Invalidated session with id [" + s.getId() + "]" + (expired ? " (expired)" : " (stopped)"); log.debug(msg); } invalidCount++; } } } if (log.isInfoEnabled()) { String msg = "Finished session validation."; if (invalidCount > 0) { msg += " [" + invalidCount + "] sessions were stopped."; } else { msg += " No sessions were stopped."; } log.info(msg); } } 做校验的方法是validate(s, key);
protected void validate(Session session, SessionKey key) throws InvalidSessionException { try { doValidate(session); } catch (ExpiredSessionException ese) { onExpiration(session, ese, key); throw ese; } catch (InvalidSessionException ise) { onInvalidation(session, ise, key); throw ise; } } validate(session, key)说明:
AbstractValidatingSessionManager.validate(Session session, SessionKey key)方法中,如果是session有效期过期了,这会调用onExpiration(Session s, ExpiredSessionException ese, SessionKey key)方法,该方法中onExpiration(s)调用ShiroCache类,删除shiro_redis_session:shiro-activeSessionCache:的session信息;afterExpired(s)调用RedisSessionDAO类,删除shiro_redis_session:的session信息