Details
-
New Feature
-
Resolution: Done
-
Major - P3
-
None
-
None
-
None
Description
The current behavior of cursors regarding timeouts has these three problems:
- If a cursor is created without NoCursorTimeout option, it can suddenly disappear if the client is running slowly. And there is no way to change its TTL (10 minutes).
- If a cursor is created with NoCursorTimeout option, and the client crashes before closing it, the cursor lasts forever because no one knows its cursorID at this point.
- Any cursors can be killed with OP_KILL_CURSORS request, even if the cursors to be killed weren't created by the requestor. This can be a security issue.
So I propose these changes:
- Do not time-out cursors on server side. Make NoCursorTimeout option deprecated.
- Make cursorID be local to connections, and automatically close them when the connection is closed. OP_KILL_CURSORS should ignore any cursorIDs that were not created on the connection requested it.
- Introduce a new server command
{killAllCursors: 1}
that closes any cursors created on the connection that issued the command. Drivers can use it to clean up cursors without disconnecting.