- // Logout when:
- // - the session does not exist on the server side
- // - the session has expired
- // - the client IP address has changed
- if (empty($session['uid'])
- || ($this->configManager->get('security.session_protection_disabled') === false
- && $session['ip'] != client_ip_id($server))
- || time() >= $session['expires_on']
+ if ($this->sessionManager->hasSessionExpired()
+ || $this->sessionManager->hasClientIpChanged($clientIpId)