For deployed portlets, upon each request, we will wrap the real portlet session and portal session together and add it to PortletSessionTracker by PortletServlet, so it can be invalidated when portal session gets invalidated.
1) When "session.id.delimiter" is not set
We wrapped portal and portlet session in a SharedSessionWrapper directly, since we create a new instance of SharedSessionWrapper each time, so we need to add hashCode and equals to it, to make sure we do not keep replicated portal and portlet session in PortletSessionTracker, that is what the fix of
2) When "session.id.delimiter" is set
We wrapped both portal and portlet session in a CompoundSessionIdHttpSession first, and then wrap the CompoundSessionIdHttpSession instances in SharedSessionWrapper. Since we create a new instance of CompoundSessionIdHttpSession each time, we face the same problem as the first one.