...
BugZero found this defect 2727 days ago.
Currently User* pointers are checked in and out of the AuthorizationManager, by entities which want to access users. The AuthorizationManager will invalidate User*s if their underlying user document is modified. When this happens, consumers should return their User* and get an up to date copy. When the old User*'s refcount reaches 0, the AuthorizationManager releases its memory. We should have an RAII type for Users. Then, consumers cannot forget to release the memory. It should be possible to load and remove these objects into UserSets, without ever letting ownership leak even for a moment.
spencer.jackson@10gen.com commented on Thu, 16 May 2019 18:27:14 +0000: This has been done while LRU caching users.