<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-54216] killAllSessions produces authorization error while killing own sessions</title>
                <link>https://jira.mongodb.org/browse/SERVER-54216</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;&lt;a href=&quot;https://docs.mongodb.com/manual/reference/command/killAllSessions/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://docs.mongodb.com/manual/reference/command/killAllSessions/&lt;/a&gt; says:&lt;/p&gt;

&lt;p&gt;&amp;gt; If the deployment enforces authentication/authorization, you must have the killAnySession to run the killAllSessions command.&lt;/p&gt;

&lt;p&gt;&amp;gt; Users can kill their own sessions even without killAnySession privilege action.&lt;/p&gt;

&lt;p&gt;I wrote a test program that created an unprivileged user and tried to kill this user&apos;s session:&lt;/p&gt;

&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;require &apos;mongo&apos;&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&amp;nbsp;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;ac = Mongo::Client.new(&apos;mongodb://dev:dev@localhost:14430/admin&apos;)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&amp;nbsp;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;ac.database.users.remove(&apos;u&apos;) rescue nil&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;ac.database.users.create(&apos;u&apos;, password: &apos;u&apos;, roles: [])&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&amp;nbsp;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;c = Mongo::Client.new(&apos;mongodb://u:u@localhost:14430/test?authSource=admin&apos;)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&amp;nbsp;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;c.command(killAllSessions: [{user: &apos;u&apos;, db: &apos;admin&apos;}])&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;

&lt;p&gt;This produced an error:&lt;/p&gt;

&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;/home/w/.rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/mongo-2.14.0/lib/mongo/operation/result.rb:343:in `raise_operation_failure&apos;: not authorized on test to execute command { killAllSessions: [ { user: &quot;u&quot;, db: &quot;admin&quot; } ], $db: &quot;test&quot;, $readPreference: { mode: &quot;primary&quot; }, $clusterTime: { clusterTime: Timestamp(1612295875, 2), signature: { hash: BinData(0, FC221A2F292297A116C77126E8DFBB14A4A232EC), keyId: 6924477619006078979 } }, lsid: { id: UUID(&quot;bbd5742e-9f38-4137-b644-c94371244b69&quot;) } } (13) (on localhost:14430) (Mongo::Error::OperationFailure)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;

&lt;p&gt;It seems the server is not behaving as documented by not allowing the user to kill their own sessions.&lt;/p&gt;

&lt;p&gt;Session killing is part of the unified test runner requirements (&lt;a href=&quot;https://github.com/mongodb/specifications/blob/master/source/unified-test-format/unified-test-format.rst&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/blob/master/source/unified-test-format/unified-test-format.rst&lt;/a&gt;). On Atlas the killAnySession privilege is not granted to any user and is not grantable (&lt;a href=&quot;https://jira.mongodb.org/browse/DOCSP-14305&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;https://jira.mongodb.org/browse/DOCSP-14305&lt;/a&gt;), and with the user being unable to kill their own sessions per this ticket, it seems the unified test runner cannot be executed on Atlas at all (as part of &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-828&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;https://jira.mongodb.org/browse/DRIVERS-828&lt;/a&gt;).&lt;/p&gt;</description>
                <environment></environment>
        <key id="1609448">SERVER-54216</key>
            <summary>killAllSessions produces authorization error while killing own sessions</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="2">Won&apos;t Fix</resolution>
                                        <assignee username="backlog-server-security">Backlog - Security Team</assignee>
                                    <reporter username="oleg.pudeyev@mongodb.com">Oleg Pudeyev</reporter>
                        <labels>
                    </labels>
                <created>Tue, 2 Feb 2021 20:03:18 +0000</created>
                <updated>Mon, 8 Jan 2024 15:22:52 +0000</updated>
                            <resolved>Mon, 19 Apr 2021 18:00:01 +0000</resolved>
                                                                                        <votes>0</votes>
                                    <watches>8</watches>
                                                                                                                <comments>
                            <comment id="3697053" author="JIRAUSER1258160" created="Thu, 1 Apr 2021 18:34:46 +0000"  >&lt;p&gt;Putting this ticket into scheduling queue, so that we can agree on design and properly scope and assign&lt;/p&gt;</comment>
                            <comment id="3694740" author="oleg.pudeyev" created="Wed, 31 Mar 2021 19:14:40 +0000"  >&lt;p&gt;I expect it will be easier for drivers to simply not kill sessions (or, more precisely, make session killing conditional).&lt;/p&gt;</comment>
                            <comment id="3694715" author="JIRAUSER1258160" created="Wed, 31 Mar 2021 19:02:48 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=oleg.pudeyev&quot; class=&quot;user-hover&quot; rel=&quot;oleg.pudeyev&quot;&gt;oleg.pudeyev&lt;/a&gt; I was offering a workaround to use combination of $listSessions and killSessions commands, would that not fulfill your needs?&lt;/p&gt;</comment>
                            <comment id="3694703" author="oleg.pudeyev" created="Wed, 31 Mar 2021 18:57:29 +0000"  >&lt;p&gt;It is my understanding that drivers currently use killAllSessions to abort any in-progress transactions when testing transactions. Without this, test suites can hang for long times when open transactions make operations stuck (I believe dropping databases might be an example of an operation that would get stuck if there are open transactions on that database?)&lt;/p&gt;

&lt;p&gt;killAnySession privilege is not implemented by Atlas. Therefore we are unable to killAllSessions in Atlas.&lt;/p&gt;

&lt;p&gt;As a workaround, drivers are configuring themselves to not killAllSessions when running Atlas maintenance tests. I believe this workaround is sufficient for the time being. If the server feels that any change to killAllSessions is non-trivial, I will communicate this in &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-1577&quot; title=&quot;Workarounds for killAllSessions in unified test runner&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-1577&quot;&gt;DRIVERS-1577&lt;/a&gt;  with the expectation that drivers will be formally required to not killAllSessions when running Atlas maintenance tests.&lt;/p&gt;</comment>
                            <comment id="3694667" author="JIRAUSER1258160" created="Wed, 31 Mar 2021 18:39:45 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=oleg.pudeyev&quot; class=&quot;user-hover&quot; rel=&quot;oleg.pudeyev&quot;&gt;oleg.pudeyev&lt;/a&gt; I got the subject reviewed with &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=spencer.jackson&quot; class=&quot;user-hover&quot; rel=&quot;spencer.jackson&quot;&gt;spencer.jackson&lt;/a&gt;, and there are a couple of points:&lt;/p&gt;

&lt;h3&gt;&lt;a name=&quot;listsessionskillsessionsandsessionidcollision&quot;&gt;&lt;/a&gt;listsessions+killsessions and session id collision&lt;/h3&gt;

&lt;p&gt;this is an event which is so rare that we consider it impossible. There was a discussion previously, I believe &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=schwerin&quot; class=&quot;user-hover&quot; rel=&quot;schwerin&quot;&gt;schwerin&lt;/a&gt; and &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=mira.carey%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;mira.carey@mongodb.com&quot;&gt;mira.carey@mongodb.com&lt;/a&gt; were involved, and the outcome was: session ids can be considered to be unique at all times&lt;/p&gt;

&lt;h3&gt;&lt;a name=&quot;killAllSessionstoallowworkingwithoutkillAnySessionprivilege&quot;&gt;&lt;/a&gt;killAllSessions to allow working without killAnySession privilege&lt;/h3&gt;

&lt;p&gt;this is not how it works now, but the change is possible, and it could work in several ways:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;killAllSessions, when run without the killAnySession privilege, kills all sessions it has access to and ignores any &quot;access denied&quot; errors. This also implies that the call never returns an &quot;access denied&quot; error&lt;/li&gt;
	&lt;li&gt;killAllSessions can have a second boolean optional parameter indicating that only own sessions must be killed. This will allow running it without killAnySession privilege&lt;/li&gt;
	&lt;li&gt;killAllSessions, when run without the killAnySession privilege, can return errors and indicate which sessions were not killed due to access denied, but only when the session has the listSessions action privilege, so that it reveals the existence of other sessions only if it already has access to see them&lt;/li&gt;
	&lt;li&gt;killAllSessions can operate without killAnySession privilege, but only when a filter specified with a single object matching own userid and db. This is doable, but a bit clunky, and has potential for bugs&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;We probably need to make this a feature ticket to get this going, so that we can formally change behavior, since there are so many options and a design review is in order to agree on how we implement this.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=oleg.pudeyev&quot; class=&quot;user-hover&quot; rel=&quot;oleg.pudeyev&quot;&gt;oleg.pudeyev&lt;/a&gt; please indicate whether killing own sessions via a single call is an absolute must for drivers, or whether you can get away with listsessions+killsessions. If it&apos;s the former, we should start a feature design.&lt;/p&gt;
</comment>
                            <comment id="3694489" author="oleg.pudeyev" created="Wed, 31 Mar 2021 17:35:38 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=sergey.galtsev&quot; class=&quot;user-hover&quot; rel=&quot;sergey.galtsev&quot;&gt;sergey.galtsev&lt;/a&gt; The documentation at &lt;a href=&quot;https://docs.mongodb.com/manual/reference/command/killAllSessions/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://docs.mongodb.com/manual/reference/command/killAllSessions/&lt;/a&gt; does not say anything about the command returning a list of sessions it failed to kill.&lt;/p&gt;

&lt;p&gt;Generally, to iterate over an unbounded list, drivers must receive a cursor from the server. The documentation doesn&apos;t state that killAllSessions returns a cursor either (and cursors must be cleaned up, so simply returning one without the driver expecting it won&apos;t be great either).&lt;/p&gt;

&lt;p&gt;If  killAllSessions does indeed return a list of sessions it failed to kill, this should be documented in the documentation.  I suspect it doesn&apos;t return such a list.&lt;/p&gt;

&lt;p&gt;The documentation also states precedent for killAllSessions ignoring some of the requested sessions:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;(1, 2) The killAllSessions operation ignores sessions that have transactions in prepared state. See Behavior for details.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Ignoring other sessions (such as those from other users) seems consistent with existing behavior.&lt;/p&gt;

&lt;p&gt;Using listsessions+killsessions would, I think, cause at least the following problem:&lt;/p&gt;

&lt;p&gt;1. User A via application P creates a session S.&lt;br/&gt;
2. User A  (now logged in via a shell) wants to kill all sessions. The list of sessions is retrieved which includes S.&lt;br/&gt;
3. The application P is done with session S and deletes it.&lt;br/&gt;
4. Application Q, running via user B, creates a session which happens to be named S.&lt;br/&gt;
5. User A issues killsessions for many sessions including S.&lt;/p&gt;

&lt;p&gt;Now, either the killsessions in step 5 has to fail, or failure to kill someone else&apos;s session is silent and not reported by the server. If the former happens, what is the user A to do when session killing fails? If the latter happens, it would be much easier for user A to use killallsessions and for that command to ignore sessions that the user A isn&apos;t allowed to kill.&lt;/p&gt;</comment>
                            <comment id="3694373" author="JIRAUSER1258160" created="Wed, 31 Mar 2021 16:58:03 +0000"  >&lt;p&gt;The &lt;a href=&quot;https://docs.mongodb.com/manual/reference/command/killAllSessions/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;manual page of killAllSessions&lt;/a&gt; states:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;If the deployment enforces authentication/authorization, you must have the killAnySession to run the killAllSessions command.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;With this in mind, the behavior described in the ticket is as designed. Users can indeed kill their own sessions; they just cannot use the killAllSessions command to do it.&lt;/p&gt;

&lt;p&gt;Reasoning behind this behavior: We can&apos;t let killAllSessions just kill the sessions it has access to and leave the other sessions alone, because there is no consistent way to provide feedback without revealing potentially sensitive information. When some sessions are killed and some are not, do we provide a list of the sessions we failed to kill? If yes, then we have just revealed to the user some information said user didn&apos;t have access to. If no, do we fail or succeed? If we fail, then we have just revealed that there &lt;em&gt;are&lt;/em&gt; sessions the current user has no access to - this is still leakage of security information.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=oleg.pudeyev&quot; class=&quot;user-hover&quot; rel=&quot;oleg.pudeyev&quot;&gt;oleg.pudeyev&lt;/a&gt; can you please check if your requirements could be satisfied using a combination of &lt;a href=&quot;https://docs.mongodb.com/manual/reference/operator/aggregation/listSessions&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;$listSessions&lt;/a&gt; and &lt;a href=&quot;https://docs.mongodb.com/manual/reference/command/killSessions/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;killSessions&lt;/a&gt; commands?&lt;/p&gt;
</comment>
                            <comment id="3648860" author="jmikola@gmail.com" created="Fri, 5 Mar 2021 12:10:41 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=shreyas.kalyan&quot; class=&quot;user-hover&quot; rel=&quot;shreyas.kalyan&quot;&gt;shreyas.kalyan&lt;/a&gt;: Does this bug also apply to &lt;a href=&quot;https://docs.mongodb.com/manual/reference/command/killAllSessionsByPattern/#access-control&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;&lt;tt&gt;killAllSessionsByPattern&lt;/tt&gt;&lt;/a&gt;? Note that it says &quot;Users can kill their own sessions even without killAnySession privilege action.&quot;&lt;/p&gt;

&lt;p&gt;I&apos;m specifically considering the case where we might want to use &lt;tt&gt;killAllSessionsByPattern&lt;/tt&gt; to kill individual sessions (owned by the currently authenticated user) by their LSID and &lt;em&gt;not&lt;/em&gt; the users/roles patterns.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                                        </outwardlinks>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="1629969">DRIVERS-1577</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>8.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_12751" key="com.atlassian.jira.plugin.system.customfieldtypes:multiselect">
                        <customfieldname>Assigned Teams</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="25129"><![CDATA[Server Security]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Fri, 5 Mar 2021 12:10:41 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        2 years, 44 weeks, 6 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            2 years, 44 weeks, 6 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>backlog-server-security</customfieldvalue>
            <customfieldvalue>jmikola@mongodb.com</customfieldvalue>
            <customfieldvalue>oleg.pudeyev@mongodb.com</customfieldvalue>
            <customfieldvalue>sergey.galtsev@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hyst2v:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hyeecv:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="4683">Security 2021-03-08</customfieldvalue>
    <customfieldvalue id="4684">Security 2021-03-22</customfieldvalue>
    <customfieldvalue id="4793">Security 2021-04-05</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hysfbz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>