Ticket #739 (closed defect: fixed)

Opened 4 years ago

Last modified 15 months ago

sessionid column too small for use with sha1

Reported by: VokinLoksar Owned by: BrianKoontz
Priority: normal Milestone: 1.3.1
Component: database Version: 1.1.6.4
Severity: normal Keywords:
Cc:

Description

My PHP configuration is using SHA1 algorithm for generating session ids. The problem is that sessionid column in the sessions table is configured for use with MD5 (32 characters versus 40). Ids that are inserted into the column are truncated, and all future attempts to select those ids fail.

Two possible solutions - either check the session id length during installation and set the column width accordingly, or use a bigger value by default (at least 40 characters).

Change History

Changed 4 years ago by DarTar

  • owner changed from unassigned to BrianKoontz

Changed 4 years ago by BrianKoontz

(In [1043]) Changed sessionid field size to 40 bytes to support smallest hash_bits_per_character value of 4 bits for SHA-1. Refs #739.

Changed 4 years ago by BrianKoontz

  • status changed from new to closed
  • resolution set to fixed

Changed 3 years ago by DarTar

  • milestone changed from 1.2 to 1.3

Retargeting to 1.3, this ticket has already been closed in trunk, from which 1.3 will be branched. Consider backporting urgent issues to 1.2.X

Changed 15 months ago by BrianKoontz

  • milestone changed from 1.3 to 1.3.1

Changed milestone to 1.3.1

Note: See TracTickets for help on using tickets.