A session which is being continually used by a driver can expire on the server because the server does not update a session's "lastUse" time for commands that do not require auth, instead the session related arguments are ignored completely: https://github.com/mongodb/mongo/blob/r4.0.4/src/mongo/db/initialize_operation_session_info.cpp#L64-L71
In practice this means that it's not possible to keep a noCursorTimeout:true cursor alive by periodically running isMaster with the cursor's session. As a workaround users can run a command that requires auth (such as listCollections) to correctly keep the session, and therefore the cursor, alive.
It seems to me that when a user is authenticated, any command they run that includes a session should create the session if necessary and update its lastUse time.
- is related to
-
SERVER-39232 Allow commands that do not require auth to refresh sessions
- Closed