<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 04:48:56 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-38432] A session can expire on the server even when the driver is using it </title>
                <link>https://jira.mongodb.org/browse/SERVER-38432</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;A session which is being continually used by a driver can expire on the server because the server does not update a session&apos;s &quot;lastUse&quot; time for commands that do not require auth, instead the session related arguments are ignored completely: &lt;a href=&quot;https://github.com/mongodb/mongo/blob/r4.0.4/src/mongo/db/initialize_operation_session_info.cpp#L64-L71&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/blob/r4.0.4/src/mongo/db/initialize_operation_session_info.cpp#L64-L71&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;In practice this means that it&apos;s not possible to keep a &lt;tt&gt;noCursorTimeout:true&lt;/tt&gt; cursor alive by periodically running isMaster with the cursor&apos;s session. As a workaround users can run a command that requires auth (such as listCollections) to correctly keep the session, and therefore the cursor, alive.&lt;/p&gt;

&lt;p&gt;It seems to me that when a user is authenticated, any command they run that includes a session should create the session if necessary and update its lastUse time.&lt;/p&gt;</description>
                <environment></environment>
        <key id="645188">SERVER-38432</key>
            <summary>A session can expire on the server even when the driver is using it </summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13202">Works as Designed</resolution>
                                        <assignee username="randolph@mongodb.com">Randolph Tan</assignee>
                                    <reporter username="shane.harvey@mongodb.com">Shane Harvey</reporter>
                        <labels>
                            <label>security</label>
                    </labels>
                <created>Wed, 5 Dec 2018 23:09:46 +0000</created>
                <updated>Mon, 8 Jan 2024 15:23:13 +0000</updated>
                            <resolved>Fri, 25 Jan 2019 14:55:40 +0000</resolved>
                                                                    <component>Sharding</component>
                                        <votes>0</votes>
                                    <watches>21</watches>
                                                                                                                <comments>
                            <comment id="2118755" author="shane.harvey" created="Thu, 17 Jan 2019 19:58:09 +0000"  >&lt;p&gt;Thanks Jason, I did update &lt;a href=&quot;https://jira.mongodb.org/browse/DOCS-11255&quot; title=&quot;Document that 3.6 implicit sessions may cause noTimeout cursors to close while in use.&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DOCS-11255&quot;&gt;&lt;del&gt;DOCS-11255&lt;/del&gt;&lt;/a&gt; to use the &lt;tt&gt;refreshSessions&lt;/tt&gt; command instead of &lt;tt&gt;isMaster&lt;/tt&gt; after creating this ticket. I think I agree that this is working as designed, here&apos;s a excerpt from the Logical Sessions design doc:&lt;/p&gt;
&lt;blockquote&gt;&lt;p&gt;Sessions and Pre-Auth Commands&lt;br/&gt;
 Certain MongoDB commands, like &#8220;ping&#8221; and &#8220;ismaster&#8221;, are processed outside of auth, and are used by drivers before authentication can begin. If a logical session id is passed to any of these commands, it will be ignored. Pre-auth commands cannot be associated with sessions.&lt;/p&gt;&lt;/blockquote&gt;
&lt;p&gt;However, I would still like to see this change implemented because it makes sessions behave more consistently across all commands. I think most (if not all) of the drivers team would be surprised to learn about this behavior. Opened &lt;a href=&quot;https://jira.mongodb.org/browse/DOCS-12376&quot; title=&quot;Document that commands which do not require auth are not associated with sessions&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DOCS-12376&quot;&gt;&lt;del&gt;DOCS-12376&lt;/del&gt;&lt;/a&gt; to document the current behavior of ignoring sessions on certain commands since as far as I can tell it&apos;s not documented anywhere except the design doc.&lt;/p&gt;
&lt;blockquote&gt;&lt;p&gt;I&apos;d consider that a larger change, and something I&apos;d want to at least see a scope for&lt;/p&gt;&lt;/blockquote&gt;
&lt;p&gt;SGTM&lt;/p&gt;</comment>
                            <comment id="2117451" author="jason.carey" created="Wed, 16 Jan 2019 19:49:50 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=renctan&quot; class=&quot;user-hover&quot; rel=&quot;renctan&quot;&gt;renctan&lt;/a&gt;,  Logical sessions only make sense in the context of an authenticated user.  Using the noDigest uid is effectively creating sessions under the &quot;&quot; user, which are meaningless (the real user won&apos;t be able to act on them, won&apos;t be able to kill or read from cursors opened in them, etc.)&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=shane.harvey&quot; class=&quot;user-hover&quot; rel=&quot;shane.harvey&quot;&gt;shane.harvey&lt;/a&gt;, I think session refresh is working as designed.  There was an explicit mechanism made to refresh logical sessions (refreshSessions), which does use auth and does... refresh sessions.  I&apos;m not sure why isMaster needs to do that job.&lt;/p&gt;

&lt;p&gt;I can see an argument for changing commands which don&apos;t require auth to still bind an lsid (on auth&apos;d connections), but I&apos;d consider that a larger change, and something I&apos;d want to at least see a scope for&lt;/p&gt;</comment>
                            <comment id="2112802" author="renctan" created="Fri, 11 Jan 2019 19:55:28 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=spencer.jackson&quot; class=&quot;user-hover&quot; rel=&quot;spencer.jackson&quot;&gt;spencer.jackson&lt;/a&gt; Yes, that was the intention, to be able to extend the lifetime of whatever session they may have been using on ops that don&apos;t require auth. Our docs doesn&apos;t appear to say anything about requiring auth, so I was unsure whether we should assign a default uid for these cases or just completely ignore the session id from the user (I don&apos;t think we can just error since drivers would always have a default session).&lt;/p&gt;</comment>
                            <comment id="2111839" author="spencer.jackson@10gen.com" created="Thu, 10 Jan 2019 23:43:25 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=renctan&quot; class=&quot;user-hover&quot; rel=&quot;renctan&quot;&gt;renctan&lt;/a&gt;, what do you want to use this hash for? To generate the ID whose lastUse you&apos;re about to update? Is this for the case where there actually is no currently authenticated user? If so, why are we attempting to parse apart the LSID, given that the client should not be allowed to bump the expiration of any session?&lt;/p&gt;</comment>
                            <comment id="2111656" author="renctan" created="Thu, 10 Jan 2019 21:18:14 +0000"  >&lt;p&gt;I was trying to fix this and I ran into an issue when auth is on because it asserts that a user should be authenticated when trying to compute for the uid hash for the logical session id. I am planning on using &lt;a href=&quot;https://github.com/mongodb/mongo/blob/ae66e32d6d4f22e8958d5e0b8aa47a2602ce1210/src/mongo/db/logical_session_id_helpers.cpp#L48&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;this digest&lt;/a&gt; for cases when auth ON + auth not required for cmd + no user logged in. Does that sound good to you? &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=mira.carey%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;mira.carey@mongodb.com&quot;&gt;mira.carey@mongodb.com&lt;/a&gt;, &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=spencer.jackson&quot; class=&quot;user-hover&quot; rel=&quot;spencer.jackson&quot;&gt;spencer.jackson&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="487034">DOCS-11255</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="674331">DOCS-12376</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="679074">SERVER-39232</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 10 Jan 2019 21:18:14 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        5 years, 3 weeks, 6 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            5 years, 3 weeks, 6 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>mira.carey@mongodb.com</customfieldvalue>
            <customfieldvalue>randolph@mongodb.com</customfieldvalue>
            <customfieldvalue>shane.harvey@mongodb.com</customfieldvalue>
            <customfieldvalue>spencer.jackson@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|huetcv:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrftj3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="2725">Sharding 2019-01-14</customfieldvalue>
    <customfieldvalue id="2726">Sharding 2019-01-28</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|huefm7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>