webtrees

session, php.ini, session.hash_function = sha256

Bug #915260 reported by Lex Oulu on 2012-01-12

This bug affects 1 person

Affects

Status

Importance

Assigned to

Milestone

webtrees

Fix Released

Low

fisharebest

You need to log in to change this bug's status.

Affecting:	webtrees
Filed here by:	Lex Oulu
When:	2012-01-12
Confirmed:	2012-01-14
Assigned:	2012-01-12
Started work:	2012-01-14
Completed:	2012-02-13

Target

Distribution
Package	(Find…)
Project	(Find…)

Status	Importance
	Low

Assigned to

	Me
	fisharebest (fisharebest)

Remote Watch

	None, the status of the bug is updated manually.
	None, the status of the bug is updated manually.
	URL:

The information about this bug in Launchpad is automatically pulled daily from the remote bug.

Comment on this change (optional)

Email me about changes to this bug report

(?)

Bug Description

ref: forum, #19526
Login is in a loop (always renewing a login)

Cause: php.ini, session.hash_function = sha256,
exceeds the session_id column length in our wt_session table.

Symptoms: webtrees is silent and does not generate any error messages or warnings

Add tags Tag help

fisharebest (fisharebest) wrote on 2012-01-12:

It would help if you could confirm the length of your generated session IDs.

Changed in webtrees:
assignee:	nobody → fisharebest (fisharebest)

Lex Oulu (lexoulu) wrote on 2012-01-13:

I did a test, changed the length of from char(32) to char(128).

when session.hash_bits_per_character = 5

php.ini, session.hash_function = sha1

=> session.hash_bits_per_character
eg. vlhao31rl8pp0vkv40e771jc73ckve49
==> generates 32 char

php.ini, session.hash_function = sha256

=> session.hash_bits_per_character
eg. e6p22gtfdr8ejs0hcg6usmgqu4627iq1al6nuciapv4a8f4acas1
==> generates 52 char

php.ini, session.hash_function = sha256

=> session.hash_bits_per_character
4uri9ipv69picauj9bn66vntpusjgvtih85b1e233gqlnph0ckflur0m95grjmgbv7fjksg1ld3npjtjm6fq8t6fu3cvbeufqvssbe0
==> generates 102 char

Table field length 128 seems to cover them both.

sha256 requiring 52 char was a small surprise to me, as I though 64 would be needed as shown in eg. http://www.xorbin.com/tools/sha256-hash-calculator
I suppose the session.hash_bits_per_character = 5 causes the difference.

Lex Oulu (lexoulu) wrote on 2012-01-13:

I did a test, changed the length of session_id column from char(32) to char(128).

fisharebest (fisharebest) on 2012-01-14

Changed in webtrees:
status:	New → In Progress
importance:	Undecided → Low

fisharebest (fisharebest) on 2012-01-14

Changed in webtrees:
status:	In Progress → Fix Committed

fisharebest (fisharebest) wrote on 2012-02-13:

Fix released in webtrees 1.2.7

Changed in webtrees:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information Edit

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers