New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Piwik should work as expected when PHP setting session.hash_function has non default value #5371
Comments
thanks for report. can you apply this patch:
And then send me the first line before the error ? Also can you try the following mysql command and send me output?
|
Sorry it took me so long, but i'm at work. So here you can see the output of DESCRIBE piwik_session: mysql> DESCRIBE piwik_session; As for the patch i'm not sure where you expect to see something. On the frontend I get folling statement: string(52) "oahpt2qjkr6bp9du70p61hropql3g6ehr0m1n5d3tt13utobhcf0" The Error log is pretty much the same as before:
I guess "reinstalling" with the patch applied won't change a thing. |
do you use any browser extension that may affect your cookies? the strange thing is that your session id is 52 character long, but it is expected to be only 32 characters. In years of supporting Piwik i've never heard this issue. Maybe it's created by your server configuration somehow, or a browser extension, or something else? have you got some idea maybe why your PHP session Ids would be 52 characters long? |
Thanks for your explanation. It wasn't any browser extension that made problems, but the my php.ini settings.
as the default setting. Most Linux Distributers use
which means SHA-1 with 160 bits or MD5 with 128 bits So for me it's just fine to set session.hash_function = 1. The question is, if anybody hurts if you allow id's up to char(64) ? |
In 6ca0524: Fixes #5371 Make Piwik work PHP session hash function is non default such as sha1 or sha512 or other Tested with: session.hash_function = sha256 Had to use VARCHAR as the session id can be 128 chars eg. $ php -r "var_dump(hash('sha512','test'));"
|
Hi,
i installed piwik on an opensuse 13.1. server (Server Version: 5.6.12 - openSUSE package). The Installation proceeds without errors with both pdo und mysqli extensions, but if i try to login after the Installation it says: "security checks failed..."
(actually it shows following message in german: Fehler: Sicherheitschecks fehlgeschlagen. Bitte laden Sie das Formular erneut und prfen Sie, ob Ihr Browser Cookies zulsst. Wenn Sie einen Proxy Server verwenden, mssen Sie Piwik so einrichten, dass es Proxy Header akzeptiert.)
I'm using the latest version and went down as far as 1.9 and the bug was still there.
The Apache Error log shows following message and I'm pretty sure it's a bug.
The text was updated successfully, but these errors were encountered: