Returns all sessions in the EIS that are considered active, meaning all sessions that
haven't been stopped/expired. This is primarily used to validate potential orphans.
If there are no active sessions in the EIS, this method may return an empty collection or
null.
Performance
This method should be as efficient as possible, especially in larger systems where there might be
thousands of active sessions. Large scale/high performance
implementations will often return a subset of the total active sessions and perform validation a little more
frequently, rather than return a massive set and validate infrequently. If efficient and possible, it would
make sense to return the oldest unstopped sessions available, ordered by
org.apache.shiro.session.Session#getLastAccessTime().
Smart Results
Ideally this method would only return active sessions that the EIS was certain should be invalided.
Typically that is any session that is not stopped and where its lastAccessTimestamp is older than the session
timeout.
For example, if sessions were backed by a relational database or SQL-92 'query-able' enterprise cache, you might
return something similar to the results returned by this query (assuming
org.apache.shiro.session.mgt.SimpleSessions were being stored):
select * from sessions s where s.lastAccessTimestamp < ? and s.stopTimestamp is null
where the
? parameter is a date instance equal to 'now' minus the session timeout
(e.g. now - 30 minutes).