MantisBT - v3.0 Release
View Issue Details
ID: 0001066 | Project: v3.0 Release | Category: [All Projects] General | View Status: public | Date Submitted: 2012-02-20 03:57 | Last Update: 2013-08-28 11:19
Reporter: karstenmtr
Assigned To: robertbasic
Priority: normal | Severity: major | Reproducibility: always
Status: closed | Resolution: fixed
Platform: | OS: | OS Version:
Product Version:
Target Version: | Fixed in Version: 3.0.0
Summary: 0001066: Login is in a loop (always renewing a login)
Description: Users can not log in.
Additional Information: At least as with PHP 5.3.8 there is a default value of session.hash_function = sha256 in php.ini file. As a result, a session id is 52 characters long.
With PHP 5.3.5 the value of session.hash_function is "3", resulting in a 32 character long session id. (Both are checked on openSUSE 11.4 and 12.1.)
The initial session_id column in table sessions is a VARCHAR(40)-field.
Therefore, with the newer PHP version, users can not log in, because the value of the variable (52 chars) and the value in the database (40 chars) do not match.
It seems advisable to increase the width of the session_id column in the sessions table to at least 52 characters as described for a similar bug here: https://bugs.launchpad.net/webtrees/+bug/915260
Tags: No tags attached.
Attached Files

Notes
(0002419)
robertbasic   
2012-02-26 01:52   
The default PHP value for session.hash_function is 0, that is md5, so the ini value was probably modified by either the distro itself, or by the sysadmin maintaining the server.

Since 5.3, the session.hash_function can have the value of any of the hash_algos() methods, which gives us 128 characters for the longest possible hash; that's sha512.

We could actually fix this in two ways: set the hash_function ourselves with ini_set() to 0, or increase the column width to 128 characters.

It would be nice for w2p to be a "good citizen" on servers, so I'll increase the column width.
(0002420)
robertbasic   
2012-02-26 02:02   
Pull request sent: https://github.com/caseysoftware/web2project/pull/73
(0002428)
robertbasic   
2012-03-05 09:24   
Pull request merged by caseydk
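
The mismatch described in this issue, as an added example (a Python model, not web2project or PHP code): it computes the session ID length for a hash function and encoding width, then shows a session written at login being missed on the next request when the column is narrower than the ID. It assumes the 52-character ID comes from sha256 encoded at 5 bits per character (PHP's session.hash_bits_per_character) and that the database truncates silently on write; `SessionTable` and all function names are hypothetical.

```python
import hashlib
import math
import secrets

# Alphabet large enough for 6 bits per character (64 symbols).
ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-"


def session_id_length(algo: str, bits_per_char: int) -> int:
    """Characters needed to encode one digest at 4, 5 or 6 bits per character."""
    if bits_per_char not in (4, 5, 6):
        raise ValueError("bits_per_char must be 4, 5 or 6")
    return math.ceil(hashlib.new(algo).digest_size * 8 / bits_per_char)


def make_session_id(algo: str, bits_per_char: int) -> str:
    """Random ID with the length the setting produces (not PHP's exact bit order)."""
    length = session_id_length(algo, bits_per_char)
    digest = hashlib.new(algo, secrets.token_bytes(32)).digest()
    value = int.from_bytes(digest, "big") << (length * bits_per_char - len(digest) * 8)
    mask = (1 << bits_per_char) - 1
    return "".join(ALPHABET[(value >> (bits_per_char * i)) & mask]
                   for i in reversed(range(length)))


class SessionTable:
    """Constructed stand-in for the sessions table; assumes silent truncation on write."""

    def __init__(self, column_width: int):
        self.column_width = column_width
        self.rows = {}

    def write(self, session_id: str, data: dict) -> None:
        self.rows[session_id[:self.column_width]] = data  # stored key is cut to the column width

    def read(self, session_id: str):
        return self.rows.get(session_id)  # lookup uses the full ID from the cookie


def login_survives(algo: str, bits_per_char: int, column_width: int) -> bool:
    """True if a session written at login is found again on the next request."""
    table = SessionTable(column_width)
    sid = make_session_id(algo, bits_per_char)
    table.write(sid, {"user_id": 1})
    return table.read(sid) is not None


if __name__ == "__main__":
    for algo, bits in [("md5", 4), ("sha256", 5), ("sha512", 4)]:
        print(algo, bits, session_id_length(algo, bits),
              login_survives(algo, bits, 40), login_survives(algo, bits, 128))
```
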

Issue History
2012-02-20 03:57 | karstenmtr | New Issue
2012-02-26 01:52 | robertbasic | Note Added: 0002419
2012-02-26 02:02 | robertbasic | Note Added: 0002420
2012-03-05 09:24 | robertbasic | Note Added: 0002428
2012-03-05 09:24 | robertbasic | Status | new => resolved
2012-03-05 09:24 | robertbasic | Resolution | open => fixed
2012-03-05 09:24 | robertbasic | Assigned To | => robertbasic
2012-04-21 19:07 | caseydk | Project | v2.4 Release (Closed) => v3.0 Release
2013-08-28 11:14 | caseydk | Fixed in Version | => 3.0.0
2013-08-28 11:19 | caseydk | Status | resolved => closed