<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-30298] Add user digest to logical session id</title>
                <link>https://jira.mongodb.org/browse/SERVER-30298</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;Inclusion of a sha256 digest of the full username to the logical session id (in addition to the current guid) is necessary to fully disambiguate logical sessions in degraded clusters (when the authoritative record for a session is unreachable).&lt;/p&gt;

&lt;p&gt;Semantics for the uid are as follows:&lt;/p&gt;

&lt;p&gt;session creation via startSession()&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;Sessions can only be created with one, and only one, user authenticated&lt;/li&gt;
	&lt;li&gt;The composite key is created from a guid created on the spot, as well as the digest of the currently auth&apos;d username&lt;/li&gt;
	&lt;li&gt;Only the session guid is returned to the user
	&lt;ul&gt;
		&lt;li&gt;This prevents outside users from attempting to send back a value we&apos;d have to check.  It&apos;s preferable to decorate the guid with the user digest per command, rather than having to check a value the user might send.&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;session use for a command&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;Sessions are passed via the lsid top level field in any command&lt;/li&gt;
	&lt;li&gt;Sessions are only meaningful for commands which requireAuth.  For sessions which don&apos;t require auth, we strip session information from the command at parse time&lt;/li&gt;
	&lt;li&gt;Session ids are passed as an object, which can optionally include the username digest
	&lt;ul&gt;
		&lt;li&gt;It is illegal to pass the username digest unless the currently auth&apos;d user has the impersonate privilege (the __system user does).  This enables sessions on shard servers via mongos&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
&lt;/ul&gt;
</description>
                <environment></environment>
        <key id="408060">SERVER-30298</key>
            <summary>Add user digest to logical session id</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="mira.carey@mongodb.com">Mira Carey</assignee>
                                    <reporter username="mira.carey@mongodb.com">Mira Carey</reporter>
                        <labels>
                    </labels>
                <created>Tue, 25 Jul 2017 15:30:58 +0000</created>
                <updated>Mon, 30 Oct 2023 23:14:58 +0000</updated>
                            <resolved>Wed, 26 Jul 2017 19:56:34 +0000</resolved>
                                                    <fixVersion>3.5.11</fixVersion>
                                    <component>Internal Code</component>
                                        <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="1632692" author="xgen-internal-githook" created="Wed, 26 Jul 2017 19:54:58 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;email&apos;: &apos;jcarey@argv.me&apos;, &apos;username&apos;: &apos;hanumantmk&apos;, &apos;name&apos;: &apos;Jason Carey&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-30298&quot; title=&quot;Add user digest to logical session id&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-30298&quot;&gt;&lt;del&gt;SERVER-30298&lt;/del&gt;&lt;/a&gt; Add UserDigest LogicalSessionID&lt;/p&gt;

&lt;p&gt;Inclusion of a sha256 digest of the full username to the logical session&lt;br/&gt;
id (in addition to the current guid) is necessary to fully disambiguate&lt;br/&gt;
logical sessions in degraded clusters (when the authoritative record for&lt;br/&gt;
a session is unreachable).&lt;/p&gt;

&lt;p&gt;Semantics for the uid are as follows:&lt;/p&gt;

&lt;p&gt;session creation via startSession()&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;Sessions can only be created with one, and only one, user authenticated&lt;/li&gt;
	&lt;li&gt;The composite key is created from a guid created on the spot, as well&lt;br/&gt;
  as the digest of the currently auth&apos;d username&lt;/li&gt;
	&lt;li&gt;Only the session guid is returned to the user&lt;/li&gt;
	&lt;li&gt;This prevents outside users from attempting to send back a value&lt;br/&gt;
    we&apos;d have to check.  It&apos;s preferable to decorate the guid with the&lt;br/&gt;
    user digest per command, rather than having to check a value the user&lt;br/&gt;
    might send.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;session use for a command&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;Sessions are passed via the lsid top level field in any command&lt;/li&gt;
	&lt;li&gt;Sessions are only meaningful for commands which requireAuth.  For&lt;br/&gt;
  sessions which don&apos;t require auth, we strip session information from the&lt;br/&gt;
  command at parse time&lt;/li&gt;
	&lt;li&gt;Session ids are passed as an object, which can optionally include the&lt;br/&gt;
  username digest&lt;/li&gt;
	&lt;li&gt;It is illegal to pass the username digest unless the currently&lt;br/&gt;
    auth&apos;d user has the impersonate privilege (the __system user does).&lt;br/&gt;
    This enables sessions on shard servers via mongos&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/edfe3f3b1276ef3598b1af673d088e6b5c4b3ad5&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/edfe3f3b1276ef3598b1af673d088e6b5c4b3ad5&lt;/a&gt;&lt;/p&gt;
</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 26 Jul 2017 19:54:58 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        6 years, 29 weeks ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>PM-620</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            6 years, 29 weeks ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>mira.carey@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|htblg7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hra36n:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="1802">Platforms 2017-07-31</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|htb7iv:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>