node-mssql
node-mssql copied to clipboard
dirty session
I noticed that the connection pool is leaving a “dirty” session. Meaning, after putting a connection back to the pool, the next process taking it might find some session values stored in mssql. I use sp_set_session_context to store variables.
This is a security bug, as the standard way of implementing row level security is to use sp_set_session_context.
tested on: tedious: 14.1.0 mssql: 7.3.5
sql database: mssql azure database
Expected behaviour:
Session must be clean, connection re-used
Actual behaviour:
session is not cleaned.