[SERVER-30298] Add user digest to logical session id
Created: 25/Jul/17
Updated: 30/Oct/23
Resolved: 26/Jul/17

Status: Closed
Project: Core Server
Component/s: Internal Code
Affects Version/s: None
Fix Version/s: 3.5.11

Type: New Feature
Priority: Major - P3
Reporter: Mira Carey
Assignee: Mira Carey
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Sprint: Platforms 2017-07-31
Participants:

 Description   

Inclusion of a sha256 digest of the full username to the logical session id (in addition to the current guid) is necessary to fully disambiguate logical sessions in degraded clusters (when the authoritative record for a session is unreachable).

Semantics for the uid are as follows:

session creation via startSession()

  • Sessions can only be created with one, and only one, user authenticated
  • The composite key is created from a guid created on the spot, as well as the digest of the currently auth'd username
  • Only the session guid is returned to the user
    • This prevents outside users from attempting to send back a value we'd have to check. It's preferable to decorate the guid with the user digest per command, rather than having to check a value the user might send.

session use for a command

  • Sessions are passed via the lsid top level field in any command
  • Sessions are only meaningful for commands which requireAuth. For sessions which don't require auth, we strip session information from the command at parse time
  • Session ids are passed as an object, which can optionally include the username digest
    • It is illegal to pass the username digest unless the currently auth'd user has the impersonate privilege (the __system user does). This enables sessions on shard servers via mongos
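
The semantics above as a small Python model, added here as an illustration and not taken from the ticket or the MongoDB source. The `id` field name, the `alice@admin` style username string and the helper names are assumptions; `lsid`, `uid` and the impersonate privilege come from the description.

```python
import hashlib
import uuid

class SessionError(Exception):
    """An lsid broke one of the rules in the description above."""

def user_digest(full_username):
    # Assumption: the "full username" is a UTF-8 string such as "alice@admin".
    return hashlib.sha256(full_username.encode("utf-8")).digest()

def start_session(authed_users):
    """Return (lsid handed to the client, composite key kept by the server)."""
    if len(authed_users) != 1:
        raise SessionError("startSession needs exactly one authenticated user")
    guid = uuid.uuid4()  # created on the spot
    # Only the guid goes back to the client; the digest stays server-side.
    return {"id": guid}, (guid, user_digest(authed_users[0]))

def resolve_lsid(cmd, requires_auth, authed_user, privileges):
    """Return the composite key for a command, or None if it has no session."""
    lsid = cmd.get("lsid")
    if lsid is None:
        return None
    if not requires_auth:
        del cmd["lsid"]  # session information is stripped at parse time
        return None
    if "uid" in lsid:
        # A caller-supplied digest is trusted only with the impersonate privilege.
        if "impersonate" not in privileges:
            raise SessionError("uid passed without the impersonate privilege")
        return (lsid["id"], lsid["uid"])
    # Normal client: decorate the guid with the digest of the authenticated user.
    return (lsid["id"], user_digest(authed_user))

if __name__ == "__main__":
    lsid, key = start_session(["alice@admin"])  # constructed username
    cmd = {"find": "c", "lsid": lsid}
    print(resolve_lsid(cmd, True, "alice@admin", set()) == key)
```

A second user replaying the same guid resolves to a different composite key, so the session cannot be confused with the original owner's even when the authoritative record is unreachable.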


 Comments   
Comment by Githook User [ 26/Jul/17 ]

Author:

{'email': 'jcarey@argv.me', 'username': 'hanumantmk', 'name': 'Jason Carey'}

Message: SERVER-30298 Add UserDigest LogicalSessionID

Inclusion of a sha256 digest of the full username to the logical session
id (in addition to the current guid) is necessary to fully disambiguate
logical sessions in degraded clusters (when the authoritative record for
a session is unreachable).

Semantics for the uid are as follows:

session creation via startSession()

  • Sessions can only be created with one, and only one, user authenticated
  • The composite key is created from a guid created on the spot, as well
    as the digest of the currently auth'd username
  • Only the session guid is returned to the user
    • This prevents outside users from attempting to send back a value
      we'd have to check. It's preferable to decorate the guid with the
      user digest per command, rather than having to check a value the user
      might send.

session use for a command

  • Sessions are passed via the lsid top level field in any command
  • Sessions are only meaningful for commands which requireAuth. For
    sessions which don't require auth, we strip session information from the
    command at parse time
  • Session ids are passed as an object, which can optionally include the
    username digest
    • It is illegal to pass the username digest unless the currently
      auth'd user has the impersonate privilege (the __system user does).
      This enables sessions on shard servers via mongos

Branch: master
https://github.com/mongodb/mongo/commit/edfe3f3b1276ef3598b1af673d088e6b5c4b3ad5