/**
 * Stops this session by handing the call straight to the wrapped (proxied) session.
 *
 * @throws InvalidSessionException propagated unchanged from the delegate's {@code stop()}
 */
public void stop() throws InvalidSessionException {
    // Pure pass-through: nothing is checked or recorded at this layer.
    delegate.stop();
}
/**
 * Invalidates the session by stopping it.
 *
 * @throws IllegalStateException wrapping the {@code InvalidSessionException} raised while
 *         stopping the session
 */
public void invalidate() {
    try {
        getSession().stop();
    } catch (InvalidSessionException invalid) {
        // Surface the failure as an IllegalStateException, keeping the original as the cause.
        throw new IllegalStateException(invalid);
    }
}
/**
 * Stops the subject's session when one exists; does nothing otherwise.
 *
 * @param subject the subject whose session should be stopped
 */
protected void stopSession(Subject subject) {
    // Asking with 'false' and checking for null means no session is created just to be stopped.
    Session existing = subject.getSession(false);
    if (existing == null) {
        return;
    }
    existing.stop();
}
/**
 * Stops the session identified by {@code key}, runs the stop hooks, and always finishes
 * with {@code afterStopped}.
 *
 * @param key the key used to look up the session
 * @throws InvalidSessionException declared by this method; not raised directly here, so it
 *         can only come from the lookup, the stop call or the hooks
 */
public void stop(SessionKey key) throws InvalidSessionException {
    final Session target = lookupRequiredSession(key);
    try {
        // NOTE(review): the session id is written to the debug log; treat debug logs as
        // sensitive wherever a session id is enough to resume a session.
        if (log.isDebugEnabled()) {
            log.debug("Stopping session with id [" + target.getId() + "]");
        }
        target.stop();
        onStop(target, key);
        notifyStop(target);
    } finally {
        // Runs even when stop() or one of the hooks above throws.
        afterStopped(target);
    }
}
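/**
 * Forcibly ends the session with the given id: sets its timeout to zero, stops it and
 * deletes it from the session DAO.
 *
 * <p>No authorization check is visible in this method; presumably the caller restricts who
 * may terminate other users' sessions. Confirm against the call sites.
 *
 * @param sessionId id of the session to terminate
 * @return {@code true} once the session has been stopped and deleted; {@code false} when no
 *         id was supplied or the DAO returned no session for it
 */
@Override
public boolean forceLogout(String sessionId) {
    if (sessionId == null) {
        return false;
    }
    Session session = sessionDAO.readSession(sessionId);
    if (session == null) {
        // Report "nothing was logged out" instead of failing with a NullPointerException.
        // NOTE(review): a DAO following Shiro's SessionDAO contract throws
        // UnknownSessionException for an unknown id rather than returning null; confirm
        // how callers want that case reported.
        return false;
    }
    session.setTimeout(0);
    session.stop();
    sessionDAO.delete(session);
    return true;
}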
/**
 * Stops this session by handing the call straight to the wrapped (proxied) session.
 *
 * @throws InvalidSessionException propagated unchanged from the delegate's {@code stop()}
 */
public void stop() throws InvalidSessionException {
    // Pure pass-through: nothing is checked or recorded at this layer.
    delegate.stop();
}
/**
 * Stops the subject's session when one exists; does nothing otherwise.
 *
 * @param subject the subject whose session should be stopped
 */
protected void stopSession(Subject subject) {
    // Asking with 'false' and checking for null means no session is created just to be stopped.
    Session existing = subject.getSession(false);
    if (existing == null) {
        return;
    }
    existing.stop();
}
/**
 * Verifies that after a session is stopped, asking the subject for a session again yields a
 * different session: a new id and none of the attributes stored on the stopped one.
 */
@Test
public void testSessionStopThenStart() {
    final String attrName = "testKey";
    final String attrValue = "testValue";

    DefaultSecurityManager securityManager = new DefaultSecurityManager();
    DelegatingSubject subject = new DelegatingSubject(securityManager);

    // First session: store an attribute and remember the id.
    Session current = subject.getSession();
    current.setAttribute(attrName, attrValue);
    assertTrue(current.getAttribute(attrName).equals(attrValue));
    Serializable idBeforeStop = current.getId();
    assertNotNull(idBeforeStop);

    current.stop();

    // Second session: must exist, must not carry the old attribute, must have another id.
    current = subject.getSession();
    assertNotNull(current);
    assertNull(current.getAttribute(attrName));
    Serializable idAfterStop = current.getId();
    assertNotNull(idAfterStop);
    assertFalse(idBeforeStop.equals(idAfterStop));

    subject.logout();
    securityManager.destroy();
}
/**
 * Stops the session identified by {@code key}, runs the stop hooks, and always finishes
 * with {@code afterStopped}.
 *
 * @param key the key used to look up the session
 * @throws InvalidSessionException declared by this method; not raised directly here, so it
 *         can only come from the lookup, the stop call or the hooks
 */
public void stop(SessionKey key) throws InvalidSessionException {
    final Session target = lookupRequiredSession(key);
    try {
        // NOTE(review): the session id is written to the debug log; treat debug logs as
        // sensitive wherever a session id is enough to resume a session.
        if (log.isDebugEnabled()) {
            log.debug("Stopping session with id [" + target.getId() + "]");
        }
        target.stop();
        onStop(target, key);
        notifyStop(target);
    } finally {
        // Runs even when stop() or one of the hooks above throws.
        afterStopped(target);
    }
}
// Fragment: a field declaration followed by an expectation block. The block is a statement,
// so it only compiles once it sits inside a test method.
@Tested
Session s;

// Records s.stop() with an invocation count of zero, i.e. the code under test is expected
// never to stop the session.
new Expectations(Session.class) {{
    s.stop();
    times = 0; // Session#stop must not be called
}};
/**
 * Stops this session by handing the call straight to the wrapped (proxied) session.
 *
 * @throws InvalidSessionException propagated unchanged from the delegate's {@code stop()}
 */
public void stop() throws InvalidSessionException {
    // Pure pass-through: nothing is checked or recorded at this layer.
    delegate.stop();
}
/**
 * Destroys the current session by stopping it.
 *
 * @param context the web context; not read by this implementation
 * @return always {@code true}
 */
@Override
public boolean destroySession(final J2EContext context) {
    // NOTE(review): getSession(true) presumably creates a session when none exists, only
    // for it to be stopped straight away. Confirm whether a non-creating lookup plus a
    // null check was intended.
    getSession(true).stop();
    return true;
}
/**
 * Stops the subject's session when one exists; does nothing otherwise.
 *
 * @param subject the subject whose session should be stopped
 */
protected void stopSession(Subject subject) {
    // Asking with 'false' and checking for null means no session is created just to be stopped.
    Session existing = subject.getSession(false);
    if (existing == null) {
        return;
    }
    existing.stop();
}
// Stops every session that the session DAO currently reports as active.
// Both casts assume the default implementations are installed; with any other
// SecurityManager or SessionManager they fail with ClassCastException.
DefaultSecurityManager securityManager = (DefaultSecurityManager) SecurityUtils.getSecurityManager();
DefaultSessionManager sessionManager = (DefaultSessionManager) securityManager.getSessionManager();
Collection<Session> activeSessions = sessionManager.getSessionDAO().getActiveSessions();
// NOTE(review): an exception thrown by one stop() call ends the loop and leaves the
// remaining sessions untouched. If the goal is to terminate all sessions, decide whether
// per-session failures should be caught and logged instead.
for (Session session: activeSessions){
    session.stop();
}
/**
 * Checks that {@code Whatever.method()} never calls {@code stop()} on the mocked session.
 *
 * @param s mocked session injected as a test parameter
 */
@Test
public void testWhatever (@Mocked final Session s) {
    final Whatever w = new Whatever();
    w.method();
    // Verification runs after the call under test: s.stop() with times = 0 asserts that
    // zero invocations were observed.
    new Verifications() {{ s.stop(); times = 0; }};
}
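/**
 * Stops the session identified by {@code key}, runs the stop hooks, and always finishes
 * with {@code afterStopped}.
 *
 * <p>{@code afterStopped} is called from a {@code finally} block. Without it, an exception
 * from {@code session.stop()}, {@code onStop} or {@code notifyStop} would skip the
 * after-stop step, so a session that was already stopped could miss whatever cleanup that
 * hook performs.
 *
 * @param key the key used to look up the session
 * @throws InvalidSessionException declared by this method; not raised directly here, so it
 *         can only come from the lookup, the stop call or the hooks
 */
public void stop(SessionKey key) throws InvalidSessionException {
    Session session = lookupRequiredSession(key);
    try {
        // NOTE(review): the session id is written to the debug log; treat debug logs as
        // sensitive wherever a session id is enough to resume a session.
        if (log.isDebugEnabled()) {
            log.debug("Stopping session with id [" + session.getId() + "]");
        }
        session.stop();
        onStop(session, key);
        notifyStop(session);
    } finally {
        // Must run on the failure path too, otherwise a throwing listener skips it.
        afterStopped(session);
    }
}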
/**
 * Replaces the subject's session, if it has one, with a new session carrying the same
 * attributes. Forcing a new session id on login success prevents a potential session
 * fixation issue. See https://issues.apache.org/jira/browse/SHIRO-170.
 *
 * @param subject the successfully logged in subject
 */
default void regenerateSession(Subject subject) {
    Session current = subject.getSession(false);
    if (current == null) {
        // No existing session, so there is no pre-login session id to rotate.
        return;
    }

    // Snapshot the non-null attributes before the old session is stopped.
    // NOTE(review): everything stored before authentication is carried into the
    // authenticated session; confirm no attribute written during the anonymous phase is
    // later trusted as if it had been set after login.
    Map<Object, Object> carried = new LinkedHashMap<>();
    for (Object name : current.getAttributeKeys()) {
        Object held = current.getAttribute(name);
        if (held != null) {
            carried.put(name, held);
        }
    }

    // Stop the old session, then ask the subject for a newly created one.
    current.stop();
    Session fresh = subject.getSession(true);

    // Copy the snapshot over in its original insertion order.
    carried.forEach(fresh::setAttribute);
}
}
/**
 * Logs the current subject in with a username/password token, after first discarding the
 * existing Shiro session and replacing the Wicket session.
 *
 * @param userName   the user name to authenticate
 * @param password   the password to authenticate with
 * @param rememberMe passed through to the token's remember-me setting
 */
public void login(String userName, String password, boolean rememberMe) {
    final Subject subject = SecurityUtils.getSubject();

    // Session-fixation defence: force a new session before authenticating. Invalidation
    // has to go through both Shiro and Wicket; otherwise it doesn't work.
    // Because this happens before subject.login(), a failed login also discards the
    // pre-login session.
    subject.getSession().stop();
    WebSession.get().replaceSession();

    subject.login(new UsernamePasswordToken(userName, password, rememberMe));
}
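/**
 * Destroys the session associated with a ticket: logs the profile out, stops the session
 * mapped to the ticket when it can be found, and removes the ticket mapping.
 *
 * <p>Stopping the session is best-effort; the ticket mapping is deleted even when the
 * session cannot be found or stopped.
 *
 * @param context the context used to build the {@code ProfileManager} that performs the logout
 * @param ticket  the ticket whose mapped session should be destroyed
 */
public void destroySession(C context, final String ticket) {
    ProfileManager manager = new ProfileManager(context);
    manager.logout();

    Serializable sessionId = sessionTicketStore.getSessionId(ticket);
    if (sessionId != null) {
        try {
            Session session = sessionManager.getSession(new DefaultSessionKey(sessionId));
            // A missing session is not an error here: there is simply nothing left to stop.
            if (session != null) {
                session.stop();
            }
        } catch (Exception e) {
            // Deliberately best-effort, but keep the exception itself: getMessage() alone
            // can be null and drops the stack trace needed to investigate a failed logout.
            // The ticket and session id are left out of the message on purpose.
            logger.warn("Failed to stop the session mapped to the ticket", e);
        }
    }
    sessionTicketStore.deleteByTicket(ticket);
}
}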