SERVER-28190 Add internal tracking ids to users

author: samantharitter <samantha.ritter@10gen.com> 2017-03-27 13:49:41 -0400
committer: samantharitter <samantha.ritter@10gen.com> 2017-05-05 14:44:26 -0400
commit: 02edad4ea3cd611e5428c9b8c191f70332c38994 (patch)
tree: e682a93e36bf563689fd309041ab3d553ecdf0a9 /src/mongo/db/auth/authorization_session.h
parent: e6d9d9722c86626c86a157be45f721ed49267863 (diff)
download: mongo-02edad4ea3cd611e5428c9b8c191f70332c38994.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/src/mongo/db/auth/authorization_session.h b/src/mongo/db/auth/authorization_session.h
index ab4c5dec27c..f93aec27d6a 100644
--- a/src/mongo/db/auth/authorization_session.h
+++ b/src/mongo/db/auth/authorization_session.h
@@ -301,9 +301,12 @@ protected:
 private:
     // If any users authenticated on this session are marked as invalid this updates them with
     // up-to-date information. May require a read lock on the "admin" db to read the user data.
+    //
+    // When refreshing a user document, we will use the current user's id to confirm that our
+    // user is of the same generation as the refreshed user document. If the generations don't
+    // match we will remove the outdated user document from the cache.
     void _refreshUserInfoAsNeeded(OperationContext* opCtx);
 
-
     // Checks if this connection is authorized for the given Privilege, ignoring whether or not
     // we should even be doing authorization checks in general.  Note: this may acquire a read
     // lock on the admin database (to update out-of-date user privilege information).
author	samantharitter <samantha.ritter@10gen.com>	2017-03-27 13:49:41 -0400
committer	samantharitter <samantha.ritter@10gen.com>	2017-05-05 14:44:26 -0400
commit	02edad4ea3cd611e5428c9b8c191f70332c38994 (patch)
tree	e682a93e36bf563689fd309041ab3d553ecdf0a9 /src/mongo/db/auth/authorization_session.h
parent	e6d9d9722c86626c86a157be45f721ed49267863 (diff)
download	mongo-02edad4ea3cd611e5428c9b8c191f70332c38994.tar.gz