In the description of MQTT-42 there is an email from Roger Light...
Hi,
A lot of MQTT client libraries offer the feature of generating random
client ids rather than having to supply one. This is good.
I recently had over 10,000 client connections made to
test.mosquitto.org using a random client id, but also having set clean
session to false, which meant that when they disconnected their
information was stored on the server but there was basically no chance
they could reconnect.
It would be nice to have a comment in the spec suggesting that
implementations may offer to generate random client ids but that they
must refuse to do so if clean session is set to false.
Cheers,
Roger
The resolution to MQTT-42 adds some advice on the generation of random client Ids, however the real issue here is not that the client application was using a random client id, nor that it was using clean Session = 0 . The problem was caused because the application only used each random id once - so that it continually created new MQTT Sessions, and never cleaned up a session once it had created one.
Section 3.1.2.3.1 contains a description of the cleanSession flag, and correctly describes how MQTT sessions are created and destroyed. However to address the situation encountered by Roger we should add some further wotds to the non-normative part of 3.1.2.3.1.
These words should indicate that a client should only connect with cleanSession = 0 if it is prepared to reconnect again with the same client id (i.e. resume its MQTT session) and that it should delete the session (by connecting with cleanSession 1 and then disconeccing) when it has no intention of reconnecting to that session again.