[CALCITE-6530] HTTP Sessions are never expired in Avatica server

apache · Aug 15, 2024 · 452df11 · 452df11
1 parent 0ce03b4
commit 452df11
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java b/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java
@@ -79,6 +79,7 @@
 public class HttpServer {
   private static final Logger LOG = LoggerFactory.getLogger(HttpServer.class);
   private static final int MAX_ALLOWED_HEADER_SIZE = 1024 * 64;
+  private static final int MAX_SESSION_INACTIVE_INTERVAL = 60 * 60;
 
   private static final String DEFAULT_KEYSTORE_TYPE = "JKS";
 
@@ -288,6 +289,9 @@ private HandlerList configureHandlers() {
       securityHandler.setHandler(handler);
       // SPNEGO requires a session
       SessionHandler sessionHandler = new SessionHandler();
+      // We could make this configurable, but the only downside of expiring the session is
+      // forcing re-autentication
+      sessionHandler.setMaxInactiveInterval(MAX_SESSION_INACTIVE_INTERVAL);
       sessionHandler.setHandler(securityHandler);
       avaticaHandler = sessionHandler;
     }