mysql-net · Copilot · Jun 25, 2025 · Jun 25, 2025 · Jun 25, 2025 · Jun 25, 2025
diff --git a/src/MySqlConnector/Core/ServerSession.cs b/src/MySqlConnector/Core/ServerSession.cs
@@ -47,6 +47,8 @@ public ServerSession(ILogger logger, IConnectionPoolMetadata pool)
 	public int ActiveCommandId { get; private set; }
 	public int CancellationTimeout { get; private set; }
 	public int ConnectionId { get; set; }
+	public string? ServerUuid { get; set; }
+	public long? ServerId { get; set; }
 	public byte[]? AuthPluginData { get; set; }
 	public long CreatedTimestamp { get; }
 	public ConnectionPool? Pool { get; }
@@ -117,6 +119,14 @@ public void DoCancel(ICancellableCommand commandToCancel, MySqlCommand killComma
 				return;
 			}
 
+			// Verify server identity before executing KILL QUERY to prevent cancelling on the wrong server
+			var killSession = killCommand.Connection!.Session;
+			if (!VerifyServerIdentity(killSession))
+			{
+				Log.IgnoringCancellationForDifferentServer(m_logger, Id, killSession.Id, ServerUuid, killSession.ServerUuid, ServerId, killSession.ServerId);
+				return;
+			}
+
 			// NOTE: This command is executed while holding the lock to prevent race conditions during asynchronous cancellation.
 			// For example, if the lock weren't held, the current command could finish and the other thread could set ActiveCommandId
 			// to zero, then start executing a new command. By the time this "KILL QUERY" command reached the server, the wrong
@@ -137,6 +147,26 @@ public void AbortCancel(ICancellableCommand command)
 		}
 	}
 
+	private bool VerifyServerIdentity(ServerSession otherSession)
+	{
+		// If server UUID is available, use it as the primary identifier (most unique)
+		if (!string.IsNullOrEmpty(ServerUuid) && !string.IsNullOrEmpty(otherSession.ServerUuid))
+		{
+			return string.Equals(ServerUuid, otherSession.ServerUuid, StringComparison.Ordinal);
+		}
+
+		// Fall back to server ID if UUID is not available
+		if (ServerId.HasValue && otherSession.ServerId.HasValue)
+		{
+			return ServerId.Value == otherSession.ServerId.Value;
+		}
+
+		// If no server identification is available, allow the operation to proceed
+		// This maintains backward compatibility with older MySQL versions
+		Log.NoServerIdentificationForVerification(m_logger, Id, otherSession.Id);
+		return true;
+	}
+
 	public bool IsCancelingQuery => m_state == State.CancelingQuery;
 
 	public async Task PrepareAsync(IMySqlCommand command, IOBehavior ioBehavior, CancellationToken cancellationToken)
@@ -635,6 +665,9 @@ public async Task DisposeAsync(IOBehavior ioBehavior, CancellationToken cancella
 				ConnectionId = newConnectionId;
 			}
 
+			// Get server identification for KILL QUERY verification
+			await GetServerIdentificationAsync(ioBehavior, CancellationToken.None).ConfigureAwait(false);
+
 			m_payloadHandler.ByteHandler.RemainingTimeout = Constants.InfiniteTimeout;
 			return redirectionUrl;
 		}
@@ -1951,6 +1984,93 @@ private async Task GetRealServerDetailsAsync(IOBehavior ioBehavior, Cancellation
 		}
 	}
 
+	private async Task GetServerIdentificationAsync(IOBehavior ioBehavior, CancellationToken cancellationToken)
+	{
+		Log.GettingServerIdentification(m_logger, Id);
+		try
+		{
+			PayloadData payload;
+
+			// Try to get both server_uuid and server_id if server supports server_uuid (MySQL 5.6+)
+			if (!ServerVersion.IsMariaDb && ServerVersion.Version >= ServerVersions.SupportsServerUuid)
+			{
+				payload = SupportsQueryAttributes ? s_selectServerIdWithAttributesPayload : s_selectServerIdNoAttributesPayload;
+				await SendAsync(payload, ioBehavior, cancellationToken).ConfigureAwait(false);
+
+				// column count: 2
+				_ = await ReceiveReplyAsync(ioBehavior, cancellationToken).ConfigureAwait(false);
+
+				// @@server_uuid and @@server_id columns
+				_ = await ReceiveReplyAsync(ioBehavior, CancellationToken.None).ConfigureAwait(false);
+				_ = await ReceiveReplyAsync(ioBehavior, CancellationToken.None).ConfigureAwait(false);
+
+				if (!SupportsDeprecateEof)
+				{
+					payload = await ReceiveReplyAsync(ioBehavior, CancellationToken.None).ConfigureAwait(false);
+					_ = EofPayload.Create(payload.Span);
+				}
+
+				// first (and only) row
+				payload = await ReceiveReplyAsync(ioBehavior, CancellationToken.None).ConfigureAwait(false);
+
+				var reader = new ByteArrayReader(payload.Span);
+				var length = reader.ReadLengthEncodedIntegerOrNull();
+				var serverUuid = length > 0 ? Encoding.UTF8.GetString(reader.ReadByteString(length)) : null;
+				length = reader.ReadLengthEncodedIntegerOrNull();
+				var serverId = (length > 0 && Utf8Parser.TryParse(reader.ReadByteString(length), out long id, out _)) ? id : default(long?);
+
+				ServerUuid = serverUuid;
+				ServerId = serverId;
+
+				Log.RetrievedServerIdentification(m_logger, Id, serverUuid, serverId);
+			}
+			else
+			{
+				// Fall back to just server_id for older versions or MariaDB
+				payload = SupportsQueryAttributes ? s_selectServerIdOnlyWithAttributesPayload : s_selectServerIdOnlyNoAttributesPayload;
+				await SendAsync(payload, ioBehavior, cancellationToken).ConfigureAwait(false);
+
+				// column count: 1
+				_ = await ReceiveReplyAsync(ioBehavior, cancellationToken).ConfigureAwait(false);
+
+				// @@server_id column
+				_ = await ReceiveReplyAsync(ioBehavior, CancellationToken.None).ConfigureAwait(false);
+
+				if (!SupportsDeprecateEof)
+				{
+					payload = await ReceiveReplyAsync(ioBehavior, CancellationToken.None).ConfigureAwait(false);
+					_ = EofPayload.Create(payload.Span);
+				}
+
+				// first (and only) row
+				payload = await ReceiveReplyAsync(ioBehavior, CancellationToken.None).ConfigureAwait(false);
+
+				var reader = new ByteArrayReader(payload.Span);
+				var length = reader.ReadLengthEncodedIntegerOrNull();
+				var serverId = (length > 0 && Utf8Parser.TryParse(reader.ReadByteString(length), out long id, out _)) ? id : default(long?);
+
+				ServerUuid = null;
+				ServerId = serverId;
+
+				Log.RetrievedServerIdentification(m_logger, Id, null, serverId);
+			}
+
+			// OK/EOF payload
+			payload = await ReceiveReplyAsync(ioBehavior, CancellationToken.None).ConfigureAwait(false);
+			if (OkPayload.IsOk(payload.Span, this))
+				OkPayload.Verify(payload.Span, this);
+			else
+				EofPayload.Create(payload.Span);
+		}
+		catch (MySqlException ex)
+		{
+			Log.FailedToGetServerIdentification(m_logger, ex, Id);
+			// Set fallback values to ensure operation can continue
+			ServerUuid = null;
+			ServerId = null;
+		}
+	}
+
 	private void ShutdownSocket()
 	{
 		Log.ClosingStreamSocket(m_logger, Id);
@@ -2182,6 +2302,10 @@ protected override void OnStatementBegin(int index)
 	private static readonly PayloadData s_sleepWithAttributesPayload = QueryPayload.Create(true, "SELECT SLEEP(0) INTO @__MySqlConnector__Sleep;"u8);
 	private static readonly PayloadData s_selectConnectionIdVersionNoAttributesPayload = QueryPayload.Create(false, "SELECT CONNECTION_ID(), VERSION();"u8);
 	private static readonly PayloadData s_selectConnectionIdVersionWithAttributesPayload = QueryPayload.Create(true, "SELECT CONNECTION_ID(), VERSION();"u8);
+	private static readonly PayloadData s_selectServerIdNoAttributesPayload = QueryPayload.Create(false, "SELECT @@server_uuid, @@server_id;"u8);
+	private static readonly PayloadData s_selectServerIdWithAttributesPayload = QueryPayload.Create(true, "SELECT @@server_uuid, @@server_id;"u8);
+	private static readonly PayloadData s_selectServerIdOnlyNoAttributesPayload = QueryPayload.Create(false, "SELECT @@server_id;"u8);
+	private static readonly PayloadData s_selectServerIdOnlyWithAttributesPayload = QueryPayload.Create(true, "SELECT @@server_id;"u8);
 
 	private readonly ILogger m_logger;
 #if NET9_0_OR_GREATER

diff --git a/src/MySqlConnector/Core/ServerVersions.cs b/src/MySqlConnector/Core/ServerVersions.cs
@@ -19,4 +19,7 @@ internal static class ServerVersions
 
 	// https://mariadb.com/kb/en/set-statement/
 	public static readonly Version MariaDbSupportsPerQueryVariables = new(10, 1, 2);
+
+	// https://dev.mysql.com/doc/refman/5.6/en/replication-options.html#sysvar_server_uuid
+	public static readonly Version SupportsServerUuid = new(5, 6, 0);
 }
diff --git a/src/MySqlConnector/Logging/EventIds.cs b/src/MySqlConnector/Logging/EventIds.cs
@@ -86,6 +86,9 @@ internal static class EventIds
 	public const int CertificateErrorUnixSocket = 2158;
 	public const int CertificateErrorNoPassword = 2159;
 	public const int CertificateErrorValidThumbprint = 2160;
+	public const int GettingServerIdentification = 2161;
+	public const int RetrievedServerIdentification = 2162;
+	public const int FailedToGetServerIdentification = 2163;
 
 	// Command execution events, 2200-2299
 	public const int CannotExecuteNewCommandInState = 2200;
@@ -108,6 +111,8 @@ internal static class EventIds
 	public const int IgnoringCancellationForInactiveCommand = 2306;
 	public const int CancelingCommand = 2307;
 	public const int SendingSleepToClearPendingCancellation = 2308;
+	public const int IgnoringCancellationForDifferentServer = 2309;
+	public const int NoServerIdentificationForVerification = 2310;
 
 	// Cached procedure events, 2400-2499
 	public const int GettingCachedProcedure = 2400;

diff --git a/src/MySqlConnector/Logging/Log.cs b/src/MySqlConnector/Logging/Log.cs
@@ -189,6 +189,21 @@ internal static partial class Log
 	[LoggerMessage(EventIds.FailedToGetConnectionId, LogLevel.Information, "Session {SessionId} failed to get CONNECTION_ID(), VERSION()")]
 	public static partial void FailedToGetConnectionId(ILogger logger, Exception exception, string sessionId);
 
+	[LoggerMessage(EventIds.GettingServerIdentification, LogLevel.Debug, "Session {SessionId} getting server identification")]
+	public static partial void GettingServerIdentification(ILogger logger, string sessionId);
+
+	[LoggerMessage(EventIds.RetrievedServerIdentification, LogLevel.Debug, "Session {SessionId} retrieved server identification: UUID={ServerUuid}, ID={ServerId}")]
+	public static partial void RetrievedServerIdentification(ILogger logger, string sessionId, string? serverUuid, long? serverId);
+
+	[LoggerMessage(EventIds.FailedToGetServerIdentification, LogLevel.Information, "Session {SessionId} failed to get server identification")]
+	public static partial void FailedToGetServerIdentification(ILogger logger, Exception exception, string sessionId);
+
+	[LoggerMessage(EventIds.IgnoringCancellationForDifferentServer, LogLevel.Warning, "Session {SessionId} ignoring cancellation from session {KillSessionId}: server identity mismatch (this UUID={ServerUuid}, kill UUID={KillServerUuid}, this ID={ServerId}, kill ID={KillServerId})")]
+	public static partial void IgnoringCancellationForDifferentServer(ILogger logger, string sessionId, string killSessionId, string? serverUuid, string? killServerUuid, long? serverId, long? killServerId);
+
+	[LoggerMessage(EventIds.NoServerIdentificationForVerification, LogLevel.Debug, "Session {SessionId} and kill session {KillSessionId} have no server identification available for verification")]
+	public static partial void NoServerIdentificationForVerification(ILogger logger, string sessionId, string killSessionId);
+
 	[LoggerMessage(EventIds.ClosingStreamSocket, LogLevel.Debug, "Session {SessionId} closing stream/socket")]
 	public static partial void ClosingStreamSocket(ILogger logger, string sessionId);
 

diff --git a/tests/IntegrationTests/ServerIdentificationTests.cs b/tests/IntegrationTests/ServerIdentificationTests.cs
@@ -0,0 +1,73 @@
+using System.Diagnostics;
+
+namespace IntegrationTests;
+
+public class ServerIdentificationTests : IClassFixture<DatabaseFixture>, IDisposable
+{
+	public ServerIdentificationTests(DatabaseFixture database)
+	{
+		m_database = database;
+	}
+
+	public void Dispose()
+	{
+	}
+
+	[SkippableFact(ServerFeatures.Timeout)]
+	public void CancelCommand_WithServerVerification()
+	{
+		// This test verifies that cancellation still works with server verification
+		using var connection = new MySqlConnection(AppConfig.ConnectionString);
+		connection.Open();
+
+		using var cmd = new MySqlCommand("SELECT SLEEP(5)", connection);
+		var task = Task.Run(async () =>
+		{
+			await Task.Delay(TimeSpan.FromSeconds(0.5));
+			cmd.Cancel();
+		});
+
+		var stopwatch = Stopwatch.StartNew();
+		TestUtilities.AssertExecuteScalarReturnsOneOrIsCanceled(cmd);
+		Assert.InRange(stopwatch.ElapsedMilliseconds, 250, 2500);
+
+#pragma warning disable xUnit1031 // Do not use blocking task operations in test method
+		task.Wait(); // shouldn't throw
+#pragma warning restore xUnit1031 // Do not use blocking task operations in test method
+
+		TestUtilities.LogInfo("Cancellation with server verification completed successfully");
+	}
+
+	[SkippableFact(ServerFeatures.KnownCertificateAuthority)]  
+	public void ServerHasServerIdentification()
+	{
+		using var connection = new MySqlConnection(AppConfig.ConnectionString);
+		connection.Open();
+
+		// Test that we can query server identification manually
+		using var cmd = new MySqlCommand("SELECT @@server_id", connection);
+		var serverId = cmd.ExecuteScalar();
+		Assert.NotNull(serverId);
+		TestUtilities.LogInfo($"Server ID: {serverId}");
+
+		// Test server UUID if available (MySQL 5.6+)
+		if (connection.ServerVersion.Version.Major > 5 || 
+			(connection.ServerVersion.Version.Major == 5 && connection.ServerVersion.Version.Minor >= 6))
+		{
+			try
+			{
+				using var uuidCmd = new MySqlCommand("SELECT @@server_uuid", connection);
+				var serverUuid = uuidCmd.ExecuteScalar();
+				Assert.NotNull(serverUuid);
+				TestUtilities.LogInfo($"Server UUID: {serverUuid}");
+			}
+			catch (MySqlException ex) when (ex.ErrorCode == MySqlErrorCode.UnknownSystemVariable)
+			{
+				// Some MySQL-compatible servers might not support server_uuid
+				TestUtilities.LogInfo("Server UUID not supported on this server");
+			}
+		}
+	}
+
+	private readonly DatabaseFixture m_database;
+}