Sessions fail when generated IDs are greater than 32 characters. #217
Comments
|
Is this as easy as altering |
zerocrates
added a commit
that referenced
this issue
Oct 28, 2013
Since this code will only appear in sites on 2.1+ anyway, we can at the same time account for users that would otherwise be bitten by #217.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
See http://omeka.org/forums/topic/admin-login-screen-seems-to-redirect-on-itself
The default PHP session ID is 32 characters long, a hexadecimal representation of a 128-bit MD5 hash. Users can set
session.hash_functionto '1', which uses SHA-1 instead, and produces 160-bit (40 hex character) hashes. Users can also pick even bigger hashes like sha256 and sha512.The table we use to store sessions stores the ID (the primary key) as a
CHAR(32), so we're truncating any longer ids. This means they won't get looked up correctly, and sessions just won't work. For the SHA-1 setting, users can work around this problem by also settingsession.hash_bits_per_characterto5.We need to do some combination of forcing the hash function PHP uses and altering the sessions table to accommodate bigger session ids.
The text was updated successfully, but these errors were encountered: