refactor: change default http_session_timeout_secs to 4 hour. (#18270)

and some small refactors.

Author: youngsofun

src/query/config/src/config.rs

@@ -1674,7 +1674,7 @@ pub struct QueryConfig {
     #[clap(long, value_name = "VALUE", default_value = "60")]
     pub http_handler_result_timeout_secs: u64,
 
-    #[clap(long, value_name = "VALUE", default_value = "3600")]
+    #[clap(long, value_name = "VALUE", default_value = "14400")]
     pub http_session_timeout_secs: u64,
 
     #[clap(long, value_name = "VALUE", default_value = "127.0.0.1")]

src/query/config/src/inner.rs

@@ -281,7 +281,7 @@ impl Default for QueryConfig {
             http_handler_host: "127.0.0.1".to_string(),
             http_handler_port: 8000,
             http_handler_result_timeout_secs: 60,
-            http_session_timeout_secs: 3600,
+            http_session_timeout_secs: 14400,
             flight_api_address: "127.0.0.1:9090".to_string(),
             flight_sql_handler_host: "127.0.0.1".to_string(),
             flight_sql_handler_port: 8900,

src/query/service/src/servers/http/v1/session/client_session_manager.rs

@@ -41,7 +41,6 @@ use sha2::Digest;
 use sha2::Sha256;
 use tokio::time::Instant;
 
-use crate::servers::http::v1::session::consts::REFRESH_TOKEN_TTL;
 use crate::servers::http::v1::session::consts::TOMBSTONE_TTL;
 use crate::servers::http::v1::session::consts::TTL_GRACE_PERIOD_META;
 use crate::servers::http::v1::session::consts::TTL_GRACE_PERIOD_QUERY;
@@ -89,7 +88,7 @@ pub struct ClientSessionManager {
     /// refresh:
     ///  - auth (with min interval)
     session_state: Mutex<BTreeMap<String, SessionState>>,
-    pub session_token_ttl: Duration,
+    pub max_idle_time: Duration,
     pub min_refresh_interval: Duration,
 }
 
@@ -102,12 +101,20 @@ impl ClientSessionManager {
         format!("{user_name}/{client_session_id}")
     }
 
+    fn refresh_token_ttl(&self) -> Duration {
+        self.max_idle_time
+    }
+
+    fn session_token_ttl(&self) -> Duration {
+        self.max_idle_time / 4
+    }
+
     #[async_backtrace::framed]
     pub async fn init(cfg: &InnerConfig) -> Result<()> {
         let mgr = Arc::new(Self {
             session_tokens: RwLock::new(LruCache::with_items_capacity(1024)),
             refresh_tokens: RwLock::new(LruCache::with_items_capacity(1024)),
-            session_token_ttl: Duration::from_secs(cfg.query.http_session_timeout_secs),
+            max_idle_time: Duration::from_secs(cfg.query.http_session_timeout_secs),
             min_refresh_interval: Duration::from_secs(
                 (cfg.query.http_session_timeout_secs / 10).min(300),
             ),
@@ -127,7 +134,9 @@ impl ClientSessionManager {
             {
                 let guard = self.session_state.lock();
                 for (key, session_state) in &*guard {
-                    if (now - session_state.last_access) > self.session_token_ttl {
+                    if (now - session_state.last_access)
+                        > self.max_idle_time + self.min_refresh_interval
+                    {
                         expired.push((key.clone(), session_state.temp_tbl_mgr.clone()));
                     } else {
                         remained.push(key.clone());
@@ -140,18 +149,23 @@ impl ClientSessionManager {
                     guard.remove(id);
                 }
             }
+            let num_expired = expired.len();
             for (key, mgr) in expired {
                 drop_all_temp_tables_with_logging(&key, mgr, "idle").await;
             }
+            let elapsed = now.duration_since(Instant::now());
 
-            if !(remained.is_empty()) {
+            if !(remained.is_empty() && num_expired == 0) {
                 info!(
-                    "[TEMP TABLE] sessions after cleanup, {} remained: {:?}",
+                    "[TEMP TABLE] cleanup {num_expired} sessions in {} secs, {} remained: {:?}",
+                    elapsed.as_secs(),
                     remained.len(),
                     remained
                 );
             }
-            tokio::time::sleep(self.session_token_ttl / 4).await;
+            if elapsed < self.max_idle_time / 4 {
+                tokio::time::sleep(self.max_idle_time / 4 - elapsed).await;
+            }
         }
     }
 
@@ -166,7 +180,7 @@ impl ClientSessionManager {
             .upsert_client_session_id(
                 client_session_id,
                 &user_name,
-                REFRESH_TOKEN_TTL + TTL_GRACE_PERIOD_META + self.min_refresh_interval,
+                self.max_idle_time + self.min_refresh_interval + TTL_GRACE_PERIOD_META,
             )
             .await?;
         Ok(())
@@ -196,7 +210,7 @@ impl ClientSessionManager {
             &tenant_name,
             &user,
             &auth_role,
-            REFRESH_TOKEN_TTL + TTL_GRACE_PERIOD_META,
+            self.refresh_token_ttl() + TTL_GRACE_PERIOD_META,
         );
         let refresh_token = claim.encode(TokenType::Refresh);
         let refresh_token_hash = hash_token(refresh_token.as_bytes());
@@ -208,7 +222,7 @@ impl ClientSessionManager {
             .upsert_token(
                 &refresh_token_hash,
                 token_info.clone(),
-                REFRESH_TOKEN_TTL + TTL_GRACE_PERIOD_META,
+                self.refresh_token_ttl() + TTL_GRACE_PERIOD_META,
                 false,
             )
             .await?;
@@ -222,7 +236,7 @@ impl ClientSessionManager {
             .insert(refresh_token_hash.clone(), None);
 
         // session token
-        claim.expire_at_in_secs = (now + self.session_token_ttl)
+        claim.expire_at_in_secs = (now + self.session_token_ttl())
             .duration_since(SystemTime::UNIX_EPOCH)
             .unwrap()
             .as_secs();
@@ -238,7 +252,7 @@ impl ClientSessionManager {
             .upsert_token(
                 &session_token_hash,
                 token_info.clone(),
-                REFRESH_TOKEN_TTL + TTL_GRACE_PERIOD_META,
+                self.session_token_ttl() + TTL_GRACE_PERIOD_META,
                 false,
             )
             .await?;
@@ -256,7 +270,7 @@ impl ClientSessionManager {
             .upsert_client_session_id(
                 &client_session_id,
                 &claim.user,
-                REFRESH_TOKEN_TTL + TTL_GRACE_PERIOD_META,
+                self.max_idle_time + self.min_refresh_interval + TTL_GRACE_PERIOD_META,
             )
             .await?;
 

src/query/service/src/servers/http/v1/session/consts.rs

@@ -14,9 +14,6 @@
 
 use std::time::Duration;
 
-/// used for both client session id and refresh token TTL
-pub const REFRESH_TOKEN_TTL: Duration = Duration::from_hours(4);
-
 /// client start timing for TTL later then meta
 pub const TTL_GRACE_PERIOD_META: Duration = Duration::from_secs(300);
 

src/query/service/src/servers/http/v1/session/login_handler.rs

@@ -124,7 +124,7 @@ pub async fn login_handler(
                     session_id,
                     tokens: Some(TokensInfo {
                         session_token_ttl_in_secs: ClientSessionManager::instance()
-                            .session_token_ttl
+                            .max_idle_time
                             .as_secs(),
                         session_token: token_pair.session.clone(),
                         refresh_token: token_pair.refresh.clone(),

src/query/service/src/servers/http/v1/session/refresh_handler.rs

@@ -61,7 +61,7 @@ pub async fn refresh_handler(
             Ok(Json(RefreshResponse {
                 tokens: TokensInfo {
                     session_token_ttl_in_secs: ClientSessionManager::instance()
-                        .session_token_ttl
+                        .max_idle_time
                         .as_secs(),
                     session_token: token_pair.session.clone(),
                     refresh_token: token_pair.refresh.clone(),

src/query/service/tests/it/storages/testdata/configs_table_basic.txt

@@ -117,7 +117,7 @@ DB.Table: 'system'.'configs', Table: configs-table_id:1, ver:0, Engine: SystemCo
 | 'query'   | 'http_handler_tls_server_cert'                  | ''                                                                                                                                                                                                        | ''       |
 | 'query'   | 'http_handler_tls_server_key'                   | ''                                                                                                                                                                                                        | ''       |
 | 'query'   | 'http_handler_tls_server_root_ca_cert'          | ''                                                                                                                                                                                                        | ''       |
-| 'query'   | 'http_session_timeout_secs'                     | '3600'                                                                                                                                                                                                    | ''       |
+| 'query'   | 'http_session_timeout_secs'                     | '14400'                                                                                                                                                                                                   | ''       |
 | 'query'   | 'internal_enable_sandbox_tenant'                | 'false'                                                                                                                                                                                                   | ''       |
 | 'query'   | 'internal_merge_on_read_mutation'               | 'false'                                                                                                                                                                                                   | ''       |
 | 'query'   | 'jwks_refresh_interval'                         | '600'                                                                                                                                                                                                     | ''       |