session, php.ini, session.hash_function = sha256

Bug #915260 reported by Lex Oulu
Affects | Status | Importance | Assigned to | Milestone
webtrees | Fix Released | Low | fisharebest |

Bug Description

ref: forum, #19526
Login is in a loop (always renewing a login)

Cause: php.ini, session.hash_function = sha256,
exceeds the session_id column length in our wt_session table.

Symptoms: webtrees is silent and does not generate any error messages or warnings

fisharebest (fisharebest) wrote :

It would help if you could confirm the length of your generated session IDs.

Changed in webtrees:
assignee: nobody → fisharebest (fisharebest)
Lex Oulu (lexoulu) wrote :

I did a test, changed the length from char(32) to char(128).

when session.hash_bits_per_character = 5

php.ini, session.hash_function = sha1

=> session.hash_bits_per_character
eg. vlhao31rl8pp0vkv40e771jc73ckve49
==> generates 32 char

php.ini, session.hash_function = sha256

=> session.hash_bits_per_character
eg. e6p22gtfdr8ejs0hcg6usmgqu4627iq1al6nuciapv4a8f4acas1
==> generates 52 char

php.ini, session.hash_function = sha256

=> session.hash_bits_per_character
4uri9ipv69picauj9bn66vntpusjgvtih85b1e233gqlnph0ckflur0m95grjmgbv7fjksg1ld3npjtjm6fq8t6fu3cvbeufqvssbe0
==> generates 102 char

Table field length 128 seems to cover them both.

sha256 requiring 52 char was a small surprise to me, as I thought 64 would be needed as shown in eg. http://www.xorbin.com/tools/sha256-hash-calculator
I suppose the session.hash_bits_per_character = 5 causes the difference.
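Added example, not part of the thread or of webtrees: the length arithmetic behind the comment above, generalised to every session.hash_bits_per_character value and to sha512, and checked against a session_id column width. The function names, the list of algorithms audited and the silent-truncation model of the fixed-width column are assumptions made for illustration.

```python
import hashlib
import math

# php.ini: session.hash_function takes 0 (md5), 1 (sha1) or a hash algorithm name.
ALIASES = {"0": "md5", "1": "sha1"}


def session_id_length(hash_function, bits_per_character):
    """Characters in a session ID for the two php.ini settings."""
    if bits_per_character not in (4, 5, 6):
        raise ValueError("session.hash_bits_per_character must be 4, 5 or 6")
    algo = ALIASES.get(str(hash_function), str(hash_function))
    digest_bits = hashlib.new(algo).digest_size * 8
    # Each character carries bits_per_character bits; the last one is padded.
    return math.ceil(digest_bits / bits_per_character)


def fits_column(hash_function, bits_per_character, column_width):
    return session_id_length(hash_function, bits_per_character) <= column_width


def login_survives(session_id, column_width):
    """Model of the reported symptom (assumption: the database truncates
    over-long values on write without raising an error). The row is later
    looked up by the full ID from the cookie, so a truncated row never matches."""
    stored = session_id[:column_width]
    return stored == session_id


def audit(column_width, algos=("sha1", "sha256", "sha512")):
    """Rows of (algorithm, bits per character, ID length, fits) for one width."""
    rows = []
    for algo in algos:
        for bits in (4, 5, 6):
            length = session_id_length(algo, bits)
            rows.append((algo, bits, length, length <= column_width))
    return rows


if __name__ == "__main__":
    for width in (32, 128):
        print(f"session_id char({width})")
        for algo, bits, length, ok in audit(width):
            verdict = "ok" if ok else "TOO LONG: session never matches"
            print(f"  {algo:<7} bits={bits} -> {length:>3} chars  {verdict}")
        # Constructed ID with the length sha256 produces at 5 bits per character.
        constructed = "x" * session_id_length("sha256", 5)
        print(f"  sha256/5 login survives: {login_survives(constructed, width)}")
```

Running the audit against any other width shows which php.ini combinations a given schema can hold before deployment.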

Lex Oulu (lexoulu) wrote :

I did a test, changed the length of session_id column from char(32) to char(128).

Changed in webtrees:
status: New → In Progress
importance: Undecided → Low
Changed in webtrees:
status: In Progress → Fix Committed
fisharebest (fisharebest) wrote :

Fix released in webtrees 1.2.7

Changed in webtrees:
status: Fix Committed → Fix Released