From e4a15edb4553d5d1926a1e68cc6eb77dd2c690ab Mon Sep 17 00:00:00 2001
From: Istvan Toth <stoty@apache.org>
Date: Wed, 14 Aug 2024 15:07:57 +0200
Subject: [PATCH] [CALCITE-6530] HTTP Sessions are never expired in Avatica
 server

---
 .../java/org/apache/calcite/avatica/server/HttpServer.java    | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java b/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java
index d34a2618b..ce9c2c989 100644
--- a/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java
+++ b/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java
@@ -79,6 +79,7 @@
 public class HttpServer {
   private static final Logger LOG = LoggerFactory.getLogger(HttpServer.class);
   private static final int MAX_ALLOWED_HEADER_SIZE = 1024 * 64;
+  private static final int MAX_SESSION_INACTIVE_INTERVAL = 60 * 60;
 
   private static final String DEFAULT_KEYSTORE_TYPE = "JKS";
 
@@ -288,6 +289,9 @@ private HandlerList configureHandlers() {
       securityHandler.setHandler(handler);
       // SPNEGO requires a session
       SessionHandler sessionHandler = new SessionHandler();
+      // We could make this configurable, but the only downside of expiring the session is
+      // forcing re-autentication
+      sessionHandler.setMaxInactiveInterval(MAX_SESSION_INACTIVE_INTERVAL);
       sessionHandler.setHandler(securityHandler);
       avaticaHandler = sessionHandler;
     }