JSession::_validate

Do some checks for security reason

- timeout check (expire) - ip-fixiation - browser-fixiation If one check failed, session data has to be cleaned.