public void validateSessions()

in core/src/main/java/org/apache/shiro/session/mgt/AbstractValidatingSessionManager.java [279:316]

• 32 lines of code
• 10 McCabe index (conditional complexity)

    public void validateSessions() {
        if (LOGGER.isInfoEnabled()) {
            LOGGER.info("Validating all active sessions...");
        }

        int invalidCount = 0;

        Collection<Session> activeSessions = getActiveSessions();

        if (activeSessions != null && !activeSessions.isEmpty()) {
            for (Session s : activeSessions) {
                try {
                    //simulate a lookup key to satisfy the method signature.
                    //this could probably stand to be cleaned up in future versions:
                    SessionKey key = new DefaultSessionKey(s.getId());
                    validate(s, key);
                } catch (InvalidSessionException e) {
                    if (LOGGER.isDebugEnabled()) {
                        boolean expired = (e instanceof ExpiredSessionException);
                        String msg = "Invalidated session with id [" + s.getId() + "]"
                                + (expired ? " (expired)" : " (stopped)");
                        LOGGER.debug(msg);
                    }
                    invalidCount++;
                }
            }
        }

        if (LOGGER.isInfoEnabled()) {
            String msg = "Finished session validation.";
            if (invalidCount > 0) {
                msg += "  [" + invalidCount + "] sessions were stopped.";
            } else {
                msg += "  No sessions were stopped.";
            }
            LOGGER.info(msg);
        }
    }