dirty session

[tobiasgrossmann]

I noticed that the connection pool is leaving a “dirty” session. Meaning, after putting a connection back to the pool, the next process taking it might find some session values stored in mssql. I use sp_set_session_context to store variables.

This is a security bug, as the standard way of implementing row level security is to use sp_set_session_context.

tested on: tedious: 14.1.0 mssql: 7.3.5

sql database: mssql azure database

Expected behaviour:

Session must be clean, connection re-used

Actual behaviour:

session is not cleaned.