|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001066||v3.0 Release||[All Projects] General||public||2012-02-20 03:57||2013-08-28 11:19|
|Target Version||Fixed in Version||3.0.0|
|Summary||0001066: Login is in a loop (always renewing a login)|
|Description||Users cannot log in.|
|Additional Information||At least as with PHP 5.3.8 there is a default value of session.hash_function = sha256 in php.ini file. As a result, a session id is 52 characters long.|
With PHP 5.3.5 the value of session.hash_function is "3", resulting in a 32 character long session id. (Both are checked on openSUSE 11.4 and 12.1.)
The initial session_id column in table sessions is a VARCHAR(40)-field.
Therefore, with the newer PHP version, users cannot log in, because the value of the variable (52 chars) and the value in the database (40 chars) do not match.
It seems advisable to increase the width of the session_id column in the sessions table to at least 52 characters as described for a similar bug here: https://bugs.launchpad.net/webtrees/+bug/915260
|Tags||No tags attached.|
The default PHP value for session.hash_function is 0, that is md5, so the ini value was probably modified by either the distro itself, or by the sysadmin maintaining the server.
Since 5.3, the session.hash_function can have the value of any of the hash_algos() methods, which gives us 128 characters for the longest possible hash; that's sha512.
We could actually fix this in two ways: set the hash_function ourselves with ini_set() to 0, or increase the column width to 128 characters.
It would be nice for w2p to be a "good citizen" on servers, so I'll increase the column width.
|Pull request sent: https://github.com/caseysoftware/web2project/pull/73|
|Pull request merged by caseydk|
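Added example (not part of the original issue or of web2project's code): how the session id length follows from the hash settings, and why a 40-character column breaks the lookup. The names sessionIdLength and COLUMN_WIDTH are illustrative; session.hash_bits_per_character is a PHP 5.3 to 7.0 setting the report does not mention, and 5 bits per character is assumed for the sha256 case because that yields the reported 52 characters.

```php
<?php
// Added example: sessionIdLength() and COLUMN_WIDTH are illustrative names.

const COLUMN_WIDTH = 40; // width of sessions.session_id as described in the report

/**
 * Length of a session id under PHP 5.3 - 7.0 style settings.
 * $hashFunction: "0" (md5), "1" (sha1) or a name returned by hash_algos().
 * $bitsPerChar:  session.hash_bits_per_character (4, 5 or 6).
 */
function sessionIdLength(string $hashFunction, int $bitsPerChar): int
{
    $legacy = ['0' => 'md5', '1' => 'sha1'];
    $algo = $legacy[$hashFunction] ?? $hashFunction;
    if (!in_array($algo, hash_algos(), true)) {
        throw new InvalidArgumentException("unknown hash function: $hashFunction");
    }
    if (!in_array($bitsPerChar, [4, 5, 6], true)) {
        throw new InvalidArgumentException('bits per character must be 4, 5 or 6');
    }
    // Digest size in bits, spread over characters that carry $bitsPerChar bits each.
    $digestBits = strlen(hash($algo, '', true)) * 8;
    return (int) ceil($digestBits / $bitsPerChar);
}

// Constructed settings: PHP default, sha1, the reported sha256 case, and sha512.
$cases = [['0', 4], ['1', 4], ['sha256', 5], ['sha512', 4]];

foreach ($cases as [$fn, $bits]) {
    $len    = sessionIdLength($fn, $bits);
    $id     = str_pad('', $len, '0123456789abcdef'); // constructed id of that length
    $stored = substr($id, 0, COLUMN_WIDTH);          // what a 40-character column keeps
    $found  = ($stored === $id);                     // lookup by the id the cookie carries
    printf(
        "%-7s %d bits/char -> %3d chars, lookup %s\n",
        $fn,
        $bits,
        $len,
        $found ? 'matches' : 'fails, so every request starts a new session'
    );
}
```

Ids of up to 40 characters survive the round trip; anything longer is cut on storage and never matches the cookie value again, which is the login loop in the summary.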
|2012-02-20 03:57||karstenmtr||New Issue|
|2012-02-26 01:52||robertbasic||Note Added: 0002419|
|2012-02-26 02:02||robertbasic||Note Added: 0002420|
|2012-03-05 09:24||robertbasic||Note Added: 0002428|
|2012-03-05 09:24||robertbasic||Status||new => resolved|
|2012-03-05 09:24||robertbasic||Resolution||open => fixed|
|2012-03-05 09:24||robertbasic||Assigned To||=> robertbasic|
|2012-04-21 19:07||caseydk||Project||v2.4 Release (Closed) => v3.0 Release|
|2013-08-28 11:14||caseydk||Fixed in Version||=> 3.0.0|
|2013-08-28 11:19||caseydk||Status||resolved => closed|