shiro session timeout配置方式

public Session start(SessionContext context) {
    // 抽象创建Session的行为，后文详解#1
    Session session = createSession(context);
    // 为Session设置过期时间，后文详解#2
    applyGlobalSessionTimeout(session);
    // 开启Session中的行为，后文详解#3
    onStart(session, context);
    // 通知监听器执行Session创建中行为，后文详解#4
    notifyStart(session);
    // 包装Session，最终要实现的Session可以存储在除了内存外的其他介质中（如Redis），后文详解#5
    return createExposedSession(session, context);
}

protected abstract Session createSession(SessionContext context) throws AuthorizationException;

protected Session createSession(SessionContext context) throws AuthorizationException {
// 如果有必要的话对Session进行有效性校验
    enableSessionValidationIfNecessary();
// 具体创建Session的行为，继续抽象化
    return doCreateSession(context);
}

protected abstract Session doCreateSession(SessionContext initData) throws AuthorizationException;

protected Session doCreateSession(SessionContext context) {
    Session s = newSessionInstance(context);
    if (log.isTraceEnabled()) {
        log.trace("Creating session for host {}", s.getHost());
    }
    create(s);
    return s;
}

// SessionFactory负责创建基础Session
protected Session newSessionInstance(SessionContext context) {
    return getSessionFactory().createSession(context);
}

// SessionDao负责存储Session到介质中
protected void create(Session session) {
    if (log.isDebugEnabled()) {
        log.debug("Creating new EIS record for new session instance [" + session + "]");
    }
    sessionDAO.create(session);
}

protected void applyGlobalSessionTimeout(Session session) {
    // 从AbstractSessionManager中获得全局Session过期时间，然后为Session设置上
    session.setTimeout(getGlobalSessionTimeout());
    // 执行Session更新时的行为，默认什么都不执行，子类可覆盖执行其特有的行为
    onChange(session);
}

protected void onChange(Session s) {
}

protected void onChange(Session session) {
    sessionDAO.update(session);
}

protected void onStart(Session session, SessionContext context) {
}

protected void onStart(Session session, SessionContext context) {
    super.onStart(session, context);

    if (!WebUtils.isHttp(context)) {
        log.debug("SessionContext argument is not HTTP compatible or does not have an HTTP request/response " +
                "pair. No session ID cookie will be set.");
        return;

    }
    HttpServletRequest request = WebUtils.getHttpRequest(context);
    HttpServletResponse response = WebUtils.getHttpResponse(context);

    if (isSessionIdCookieEnabled()) {
        Serializable sessionId = session.getId();
        storeSessionId(sessionId, request, response);
    } else {
        log.debug("Session ID cookie is disabled.  No cookie has been set for new session with id {}", session.getId());
    }

    request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE);
    request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
}

protected void notifyStart(Session session) {
    for (SessionListener listener : this.listeners) {
        listener.onStart(session);
    }
}

protected Session createExposedSession(Session session, SessionContext context) {
    return new DelegatingSession(this, new DefaultSessionKey(session.getId()));
}

public DelegatingSession(NativeSessionManager sessionManager, SessionKey key) {
    if (sessionManager == null) {
        throw new IllegalArgumentException("sessionManager argument cannot be null.");
    }
    if (key == null) {
        throw new IllegalArgumentException("sessionKey argument cannot be null.");
    }
    if (key.getSessionId() == null) {
        String msg = "The " + DelegatingSession.class.getName() + " implementation requires that the " +
                "SessionKey argument returns a non-null sessionId to support the " +
                "Session.getId() invocations.";
        throw new IllegalArgumentException(msg);
    }
    this.sessionManager = sessionManager;
    this.key = key;
}

public Session getSession(SessionKey key) throws SessionException {
    // 根据Session的key查找Session（如在Redis介质中查找）
    Session session = lookupSession(key);
    // 如果Session存在就包装Session，最终要实现的Session可以存储在除了内存外的其他介质中（如Redis）
    return session != null ? createExposedSession(session, key) : null;
}

private Session lookupSession(SessionKey key) throws SessionException {
    if (key == null) {
        throw new NullPointerException("SessionKey argument cannot be null.");
    }
    return doGetSession(key);
}

// AbstractNativeSessionManager本身没有查询Session的职能，只能抽象化
protected abstract Session doGetSession(SessionKey key) throws InvalidSessionException;

protected final Session doGetSession(final SessionKey key) throws InvalidSessionException {
    // 如果有必要的话对Session进行有效性校验
    enableSessionValidationIfNecessary();

    log.trace("Attempting to retrieve session with key {}", key);

    // 根据Session的key检索Session
    Session s = retrieveSession(key);
    if (s != null) {
        // 校验Session
        validate(s, key);
    }
    return s;
}

// AbstractValidatingSessionManager本身没有查询Session的职能，只能抽象化
protected abstract Session retrieveSession(SessionKey key) throws UnknownSessionException;

protected Session retrieveSession(SessionKey sessionKey) throws UnknownSessionException {
    // 获得Session的主键（如Redis的key）
    Serializable sessionId = getSessionId(sessionKey);
    if (sessionId == null) {
        log.debug("Unable to resolve session ID from SessionKey [{}].  Returning null to indicate a " +
                "session could not be found.", sessionKey);
        return null;
    }
    // 从数据源中检索Session
    Session s = retrieveSessionFromDataSource(sessionId);
    if (s == null) {
        //session ID was provided, meaning one is expected to be found, but we couldn't find one:
        String msg = "Could not find session with ID [" + sessionId + "]";
        throw new UnknownSessionException(msg);
    }
    return s;
}

protected Serializable getSessionId(SessionKey sessionKey) {
    return sessionKey.getSessionId();
}

protected Session retrieveSessionFromDataSource(Serializable sessionId) throws UnknownSessionException {
    return sessionDAO.readSession(sessionId);
}

public DelegatingSession(NativeSessionManager sessionManager, SessionKey key) {
    if (sessionManager == null) {
        throw new IllegalArgumentException("sessionManager argument cannot be null.");
    }
    if (key == null) {
        throw new IllegalArgumentException("sessionKey argument cannot be null.");
    }
    if (key.getSessionId() == null) {
        String msg = "The " + DelegatingSession.class.getName() + " implementation requires that the " +
                "SessionKey argument returns a non-null sessionId to support the " +
                "Session.getId() invocations.";
        throw new IllegalArgumentException(msg);
    }
    this.sessionManager = sessionManager;
    this.key = key;
}

public Date getStartTimestamp() {
    if (startTimestamp == null) {
        // 这件事DelegatingSession本身没有这个职能，只能交给SessionManager去做
        startTimestamp = sessionManager.getStartTimestamp(key);
    }
    return startTimestamp;
}

public Date getStartTimestamp(SessionKey key) {
    return lookupRequiredSession(key).getStartTimestamp();
}

private Session lookupRequiredSession(SessionKey key) throws SessionException {
    // 参见上述，根据Session的key获得Session（如去Redis介质中查找），并不像getSession(SessionKey key)那样对Session进行包装
    Session session = lookupSession(key);
    if (session == null) {
        String msg = "Unable to locate required Session instance based on SessionKey [" + key + "].";
        throw new UnknownSessionException(msg);
    }
    return session;
}

public Date getStartTimestamp() {
    return startTimestamp;
}