SocketServer implements some logic to disconnect connections which have expired authentication sessions. At the moment, we just call `SelectionKey.cancel` in order to trigger this disconnect. I think the expectation is that this causes the channel to be closed on the next `poll`, but as far as I can tell, all it does is disassociate the selection key from the selector. This means that the key never gets selected again and we never close the connection until the client times out.
This was found when debugging the flaky test failure `EndToEndAuthorizationTest.testNoDescribeProduceOrConsumeWithoutTopicDescribeAcl`. I modified the code to call `Selector.close` instead of `TransportLayer.disconnect`. I was able to reproduce the session authentication expiration, but the connection properly closes and the test does no longer times out.