Shell doesn't invalidate cached credentials at db.logout()

    • Type: Task
    • Resolution: Done
    • Priority: Major - P3
    • 2.5.1
    • Affects Version/s: 2.4.0-rc1
    • Component/s: Security, Shell

      The shell doesn't invalidate cached database credentials when db.logout() is run. Thus, db.logout() will be "undone" if there is a connection reset.

      // insert data as topsecretuser, who has r/w to testDb
      testDb.auth('topsecretuser','p')
      testDb.secrets.insert({data:"secret"})
      
      // log out as topsecretuser
      testDb.logout()
      testDb.secrets.findOne() // returns error, as expected
      
      // log in as clusteruser, who has clusterAdmin
      // use stepdown to force database reconnection (can also cycle mongod, etc)
      adminDb.auth('clusteruser','p')
      adminDb.runCommand({ replSetStepDown: 60 })
      
      // topsecretuser gets logged in again
      testDb.setSlaveOk()
      testDb.secrets.findOne() // returns success, unexpected
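
The sequence above, modelled as an added example that is not MongoDB's shell code and not part of the original report: a client that caches credentials for re-authentication replays them after a connection reset unless logout also clears the cache. `FakeServer`, `CachingClient`, `clearCacheOnLogout` and `readableAfterReconnect` are hypothetical names, and the user data is constructed.

```javascript
// Simplified model (constructed for illustration; not MongoDB's shell code).
// FakeServer tracks which users are authenticated on the current connection.
class FakeServer {
  constructor(users) { this.users = users; this.session = new Map(); }
  auth(db, user, pwd) {
    if ((this.users[db] || {})[user] !== pwd) return false;
    this.session.set(db, user);
    return true;
  }
  logout(db) { this.session.delete(db); }
  dropConnection() { this.session.clear(); }    // e.g. after a stepdown
  canRead(db) { return this.session.has(db); }
}

// Client that caches credentials so it can re-authenticate after a reconnect.
class CachingClient {
  constructor(server, { clearCacheOnLogout }) {
    this.server = server;
    this.clearCacheOnLogout = clearCacheOnLogout;
    this.cache = new Map();                      // db -> { user, pwd }
  }
  auth(db, user, pwd) {
    const ok = this.server.auth(db, user, pwd);
    if (ok) this.cache.set(db, { user, pwd });
    return ok;
  }
  logout(db) {
    this.server.logout(db);
    // Without this step the cached entry survives the logout.
    if (this.clearCacheOnLogout) this.cache.delete(db);
  }
  reconnect() {
    this.server.dropConnection();
    // Replay every cached credential on the new connection.
    for (const [db, c] of this.cache) this.server.auth(db, c.user, c.pwd);
  }
}

// Replays the reported sequence and returns whether the logged-out
// user's database is readable again after the reconnect.
function readableAfterReconnect(clearCacheOnLogout) {
  const server = new FakeServer({
    test: { topsecretuser: 'p' }, admin: { clusteruser: 'p' },
  });
  const client = new CachingClient(server, { clearCacheOnLogout });
  client.auth('test', 'topsecretuser', 'p');
  client.logout('test');
  client.auth('admin', 'clusteruser', 'p');
  client.reconnect();
  return server.canRead('test');
}
```

A regression test for this class of bug asserts that access is still denied after a forced reconnect, not only immediately after logout.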
      

            Assignee: Andreas Nilsson (Inactive)
            Reporter: J Rassi (Inactive)