session, php.ini, session.hash_function = sha256

Bug #915260 reported by Lex Oulu on 2012-01-12
This bug affects 1 person
Affects: webtrees
Status: Fix Released
Importance: Low
Assigned to: fisharebest

Bug Description

ref: forum, #19526
Login is in a loop (always renewing a login)

Cause: php.ini, session.hash_function = sha256,
exceeds the session_id column length in our wt_session table.

Symptoms: webtrees is silent and does not generate any error messages or warnings

fisharebest (fisharebest) wrote :

It would help if you could confirm the length of your generated session IDs.

Changed in webtrees:
assignee: nobody → fisharebest (fisharebest)

Lex Oulu (lexoulu) wrote :

I did a test, changed the length of from char(32) to char(128).

when session.hash_bits_per_character = 5

php.ini, session.hash_function = sha1

=> session.hash_bits_per_character
eg. vlhao31rl8pp0vkv40e771jc73ckve49
==> generates 32 char

php.ini, session.hash_function = sha256

=> session.hash_bits_per_character
eg. e6p22gtfdr8ejs0hcg6usmgqu4627iq1al6nuciapv4a8f4acas1
==> generates 52 char

php.ini, session.hash_function = sha256

=> session.hash_bits_per_character
4uri9ipv69picauj9bn66vntpusjgvtih85b1e233gqlnph0ckflur0m95grjmgbv7fjksg1ld3npjtjm6fq8t6fu3cvbeufqvssbe0
==> generates 102 char

Table field length 128 seems to cover them both.

sha256 requiring 52 char was a small surprise to me, as I thought 64 would be needed as shown in e.g. http://www.xorbin.com/tools/sha256-hash-calculator
I suppose the session.hash_bits_per_character = 5 causes the difference.
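
The length relationship discussed in the comment above, as an added example (not part of the original report and not webtrees code): it encodes a digest at 4, 5 or 6 bits per character and shows how an ID longer than the session_id column stops matching on the next request. The names encode_id, SessionTable and login_survives are hypothetical, the bit order is a sketch where only the resulting length matters, and silent truncation by the database is an assumption.

```python
import hashlib
import os

# 64 symbols cover 4, 5 or 6 bits per character (16, 32 or 64 values).
ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-"

def encode_id(digest: bytes, bits_per_char: int) -> str:
    """Encode a digest, consuming bits_per_char bits per output character."""
    mask = (1 << bits_per_char) - 1
    acc, have, out = 0, 0, []
    for byte in digest:
        acc |= byte << have
        have += 8
        while have >= bits_per_char:
            out.append(ALPHABET[acc & mask])
            acc >>= bits_per_char
            have -= bits_per_char
    if have:  # leftover bits still cost one more character
        out.append(ALPHABET[acc & mask])
    return "".join(out)

def new_session_id(hash_name: str, bits_per_char: int) -> str:
    digest = hashlib.new(hash_name, os.urandom(32)).digest()
    return encode_id(digest, bits_per_char)

class SessionTable:
    """Stand-in for wt_session with session_id as CHAR(width)."""
    def __init__(self, width: int):
        self.width, self.rows = width, {}
    def save(self, session_id: str, data: dict) -> None:
        # Assumption: an over-long value is truncated without any error.
        self.rows[session_id[:self.width]] = data
    def load(self, session_id: str):
        return self.rows.get(session_id)  # exact match on the cookie value

def login_survives(hash_name: str, bits_per_char: int, width: int) -> bool:
    """Save the session at login, then look it up as the next request would."""
    table = SessionTable(width)
    cookie = new_session_id(hash_name, bits_per_char)
    table.save(cookie, {"user": "constructed-user"})
    return table.load(cookie) is not None

if __name__ == "__main__":
    for name in ("md5", "sha1", "sha256", "sha512"):
        for bits in (4, 5, 6):
            n = len(new_session_id(name, bits))
            print(f"{name:7} bits={bits} len={n:3} "
                  f"char(32)={login_survives(name, bits, 32)} "
                  f"char(128)={login_survives(name, bits, 128)}")
```

With char(32) the sha256 session is saved under a shortened key, the lookup with the full cookie value finds nothing, and every request starts a new login.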

Lex Oulu (lexoulu) wrote :

I did a test, changed the length of session_id column from char(32) to char(128).

Changed in webtrees:
status: New → In Progress
importance: Undecided → Low
Changed in webtrees:
status: In Progress → Fix Committed

fisharebest (fisharebest) wrote :

Fix released in webtrees 1.2.7

Changed in webtrees:
status: Fix Committed → Fix Released