I know that the session ID can be validated using hashmap and attaching it to a listener. Also there was a deprecated method to validate using only the session ID string.
I want to know is there an alternative way to validate the known session ID in Apache Shiro without the use of any hashmaps?
An alternate solution would be to create the subject using the passed session ID and then trying to get the session of that subject. If a session exist then it will return its session
else null
. For example, below method can be used to validate an Apache Shiro's session using a passed session ID.
public static boolean isSessionValid(String sessionId){
Subject requestedSubject = new Subject.Builder().sessionId(sessionId).buildSubject();
return !(requestedSubject.getSession(false) == null);
}