Info

After SERVER-28260, a cursor created with an 'lsid' cannot be killed without passing the same lsid: $ cat killCursorsBug.js db.test.insertOne({}); var res = db.runCommand({find: "test", batchSize: 0, lsid: {id: BinData(4, "QlLfPHTySm6tqfuV+EOsVA==")}}); res = db.runCommand({killCursors: "test", cursors: [res.cursor.id]}); printjson(res); $ mongo 'mongodb://user:password@localhost:27017' killCursorsBug.js MongoDB shell version v3.4.10 connecting to: mongodb://user:password@localhost:27017 MongoDB server version: 3.7.0-180-g09d3d18 WARNING: shell and server versions do not match { "operationTime" : Timestamp(1512435604, 1), "ok" : 0, "errmsg" : "not authorized on test to execute command { killCursors: \"test\", cursors: [ 78117941810 ], $db: \"test\" }", "code" : 13, "codeName" : "Unauthorized" } killCursors should succeed when run with a different session or even no session at all.

Top User Comments

xgen-internal-githook commented on Wed, 10 Jan 2018 17:51:41 +0000: Author: {'email': 'sara.golemon@mongodb.com', 'name': 'Sara Golemon', 'username': 'sgolemon'} Message: SERVER-32169 Allow killCursors to kill across lsids (cherry picked from commit 0c0133f83aeb7930e90cb006e89cfce68aad2ad2) Branch: v3.6 https://github.com/mongodb/mongo/commit/28ce0593dc8a3ab228cf14b0fbbc0817f222d0f4 xgen-internal-githook commented on Tue, 12 Dec 2017 20:39:11 +0000: Author: {'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'} Message: SERVER-32169 Allow killCursors to kill across lsids Branch: master https://github.com/mongodb/mongo/commit/0c0133f83aeb7930e90cb006e89cfce68aad2ad2 jesse commented on Tue, 5 Dec 2017 18:59:46 +0000: 3.6.0 is ok. I observed in 3.6.0 with latest PyMongo: PyMongo sends no lsid with killCursors if the cursor is created with an implicit session and is destroyed by the garbage collector. MongoDB replies with the killed cursor's id in the "cursorsKilled" array, indicating (truthfully?) that it actually killed the cursor. sara.golemon thinks that MongoDB 3.6.0 can associate the cursor with its session and kill it successfully even if killCursors is sent with no lsid. I also tried sending killCursors from PyMongo with the wrong lsid and that also appeared to kill the cursor with MongoDB 3.6.0. With the shell also, the wrong lsid is allowed. New in 3.7.x, PyMongo isn't allowed to call killCursors with no lsid, and as Shane showed above, killCursors with the wrong lsid is also prohibited. We need to change this back to allow killCursors with no lsid or the wrong lsid, so long as the user is authorized to kill this cursor. I've specified a test (DRIVERS-430) for all drivers that the killCursors reply has an empty "cursorsAlive" array and the expected cursor id is found in the "cursorsKilled" array. xgen-internal-githook commented on Tue, 5 Dec 2017 11:21:38 +0000: Author: {'username': 'estolfo', 'email': 'emily@mongodb.com', 'name': 'Emily'} Message: Skip cursor reaper test for 3.6, ref: SERVER-32169 Branch: master https://github.com/mongodb/mongo-ruby-driver/commit/7ef944e57108b812995cff576d05ada673a96fec behackett commented on Tue, 5 Dec 2017 01:32:04 +0000: The reason this is important is that some drivers have to call killCursors explicitly (for example, a no timeout cursor that hasn't been fully iterated is abandoned by the application), often asynchronously on a background thread. For MongoDB 3.6 drivers create an implicit session (or use an already started session from the session pool) for each operation when an explicit session was not provided.

Steps to Reproduce