Anonymous Login
2022-09-26 15:48 PDT

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0001066v3.0 Release[All Projects] Generalpublic2013-08-28 11:19
Assigned Torobertbasic 
Product Version 
Target VersionFixed in Version3.0.0 
Summary0001066: Login is in a loop (always renewing a login)
DescriptionUsers can not log in.
Additional InformationAt least as with PHP 5.3.8 there is a default value of session.hash_function = sha256 in php.ini file. As a result, a session id is 52 characters long.
With PHP 5.3.5 the value of session.hash_function is "3", resulting in a 32 character long session id. (Both are checked on openSUSE 11.4 and 12.1.)
The initial session_id column in table sessions is a VARCHAR(40)-field.
Therefor, with the newer PHP version, users can not log in, because the value of the variable (52 chars) and the value in the database (40 chars) do not match.
It seems advisable to increase the width of the session_id column in the sessions table to at least 52 characters as described for a similar bug here:
TagsNo tags attached.
Attached Files




robertbasic (developer)

The default PHP value for session.hash_function is 0, that is md5, so the ini value was probably modified by either the distro itself, or by the sysadmin maintaining the server.

Since 5.3, the sesssion.hash_function can have the value of any of the hash_algos() methods, which gives as 128 characters for the longest possible hash; that's sha512.

We could actually fix this in two ways: set the hash_function ourself with ini_set() to 0, or increase the column width to 128 characters.

It would be nice for w2p to be a "good citizen" on servers, so I'll increase the column width.


robertbasic (developer)

Pull request sent:


robertbasic (developer)

Pull request merged by caseydk

-Issue History
Date Modified Username Field Change
2012-02-20 03:57 karstenmtr New Issue
2012-02-26 01:52 robertbasic Note Added: 0002419
2012-02-26 02:02 robertbasic Note Added: 0002420
2012-03-05 09:24 robertbasic Note Added: 0002428
2012-03-05 09:24 robertbasic Status new => resolved
2012-03-05 09:24 robertbasic Resolution open => fixed
2012-03-05 09:24 robertbasic Assigned To => robertbasic
2012-04-21 19:07 caseydk Project v2.4 Release (Closed) => v3.0 Release
2013-08-28 11:14 caseydk Fixed in Version => 3.0.0
2013-08-28 11:19 caseydk Status resolved => closed
+Issue History