[JAVA-4050] Driver validates it is the creator of a session before using it Created: 16/Mar/21  Updated: 27/Oct/23  Resolved: 16/Mar/21

Status: Closed
Project: Java Driver
Component/s: Session Management
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Jack Wearden Assignee: Ross Lawley
Resolution: Works as Designed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Documentation Changes: Not Needed

 Description   

Server sessions can be reused by the same database user who created them even across different connections and applications, but the Java driver validates that any session reference passed in is from the same MongoClient:

Exception: java.lang.IllegalStateException: state should be: ClientSession from same MongoClient

Source: https://github.com/mongodb/mongo-java-driver/blob/d57dfa8af686180239058a06eca838e18bfe5cdd/driver-sync/src/main/com/mongodb/client/internal/MongoClientDelegate.java#L259

There are circumstances where 2 different connections are using the same MongoClient and using the same session. (We are using this case for integrity testing of some replica set operations involving IP resolution changes, where 1 mongoclient is connected to an old IP via a proxy, and 1 is connected to a new IP via a proxy).

I have tried to work around this validation by using runCommand() with an explicit `lsid` operation like so:

final Document result =
  pClient
    .getDatabase("test")
    .runCommand(
      new Document("find", "test")
      .append("sort", new BsonDocument("i", new BsonInt32(1)))
      }}{{.append("batchSize", 0)
      }}{{.append("lsid", _sessionIdent));

But it appears in this case, the driver implicitly creates a new session and assigns a second `lsid` property, causing this server duplicate bson field error:

com.mongodb.MongoCommandException: Command failed with error 40413 (Location40413): 'BSON field 'APIParametersFromClient.lsid' is a duplicate field' on server xxx-hostname-here-xxx:27017. The full response is {"ok": 0.0, "errmsg": "BSON field 'APIParametersFromClient.lsid' is a duplicate field", "code": 40413, "codeName": "Location40413", "$clusterTime": {"clusterTime": {"$timestamp": {"t": 1615894777, "i": 1, "signature": {"hash":

{"$binary": "XQL3Tqirs9PAzLVPXsuKQHdxE4E=", "$type": "00"}

, "keyId": {"$numberLong": "6939936267161305090"}}}, "operationTime": {"$timestamp":

{"t": 1615894777, "i": 1}

}}}}

 

2 questions:

  • Is there some way we can make use of a session ID created outside the MongoClient performing the operation, without driver code changes?
  • It seems the server supports the operation, is the validation in question is superfluous and can it be removed?


 Comments   
Comment by Jack Wearden [ 16/Mar/21 ]

Thanks for that spec Ross, that is really helpful - I had learned sessions were not scoped to connections, but I didn't realise they were scoped to a client.

The original observation in this ticket no longer makes sense given that ticket, so I'll close it out and try another strategy.

Comment by Ross Lawley [ 16/Mar/21 ]

Hi jack.wearden,

This is as per specification see the driver sessions specification. It may be worth reaching out to the authors and / or creating a HELP ticket for the feature.

Please note: any changes to behaviour would require changes to this specification.

Ross

Comment by Jack Wearden [ 16/Mar/21 ]

And possibly a third suggestion - when a user has explicitly attached an `lsid`, could the driver skip adding its own?

Generated at Thu Feb 08 09:01:07 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.