Piwik should work as expected when PHP setting session.hash_function has non default value #5371

Closed
anonymous-matomo-user opened this issue Jun 20, 2014 · 5 comments
Labels
Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.
@anonymous-matomo-user

Hi,

I installed Piwik on an openSUSE 13.1 server (Server Version: 5.6.12 - openSUSE package). The installation proceeds without errors with both the pdo and mysqli extensions, but if I try to log in after the installation it says: "security checks failed..."
(actually it shows the following message in German: Fehler: Sicherheitschecks fehlgeschlagen. Bitte laden Sie das Formular erneut und prüfen Sie, ob Ihr Browser Cookies zulässt. Wenn Sie einen Proxy Server verwenden, müssen Sie Piwik so einrichten, dass es Proxy Header akzeptiert.)

I'm using the latest version and went down as far as 1.9 and the bug was still there.
The Apache Error log shows following message and I'm pretty sure it's a bug.

```
PHP Fatal error:  Uncaught exception 'Zend_Db_Statement_Mysqli_Exception' with message 'Mysqli statement execute error : Data too long for column 'id' at row 1' in /srv/www/htdocs/piwik/libs/Zend/Db/Statement/Mysqli.php:214\nStack trace:\n#0 /srv/www/htdocs/piwik/libs/Zend/Db/Statement.php(300): Zend_Db_Statement_Mysqli->_execute(Array)\n#1 /srv/www/htdocs/piwik/libs/Zend/Db/Adapter/Abstract.php(479): Zend_Db_Statement->execute(Array)\n#2 /srv/www/htdocs/piwik/core/Session/SaveHandler/DbTable.php(107): Zend_Db_Adapter_Abstract->query('INSERT INTO piw...', Array)\n#3 [internal function]: Piwik\\Session\\SaveHandler\\DbTable->write('oahpt2qjkr6bp9d...', 'Login.login|a:1...')\n#4 /srv/www/htdocs/piwik/libs/Zend/Session.php(691): session_write_close()\n#5 [internal function]: Zend_Session::writeClose(true)\n#6 {main}\n  thrown in /srv/www/htdocs/piwik/libs/Zend/Db/Statement/Mysqli.php on line 214, referer: http://intranet/piwik/index.php

PHP Fatal error:  Uncaught exception 'Zend_Db_Statement_Mysqli_Exception' with message 'Mysqli statement execute error : Data too long for column 'id' at row 1' in /srv/www/htdocs/piwik/libs/Zend/Db/Statement/Mysqli.php:214\nStack trace:\n#0 /srv/www/htdocs/piwik/libs/Zend/Db/Statement.php(300): Zend_Db_Statement_Mysqli->_execute(Array)\n#1 /srv/www/htdocs/piwik/libs/Zend/Db/Adapter/Abstract.php(479): Zend_Db_Statement->execute(Array)\n#2 /srv/www/htdocs/piwik/core/Session/SaveHandler/DbTable.php(107): Zend_Db_Adapter_Abstract->query('INSERT INTO piw...', Array)\n#3 [internal function]: Piwik\\Session\\SaveHandler\\DbTable->write('oahpt2qjkr6bp9d...', '')\n#4 /srv/www/htdocs/piwik/libs/Zend/Session.php(691): session_write_close()\n#5 [internal function]: Zend_Session::writeClose(true)\n#6 {main}\n  thrown in /srv/www/htdocs/piwik/libs/Zend/Db/Statement/Mysqli.php on line 214, referer: http://intranet/piwik/index.php
```

Thanks for any help. If you need further information, please ask.



@mattab
Member

mattab commented Jun 20, 2014

Thanks for the report. Can you apply this patch:

--- core/Session/SaveHandler/DbTable.php    (revision a3d1561cf6b8c97a6010bcffdf94e8f92a23940a)
+++ core/Session/SaveHandler/DbTable.php    (revision )
@@ -93,6 +93,7 @@
      */
     public function write($id, $data)
     {
+        var_dump($id);
         $sql = 'INSERT INTO ' . $this->config['name']
             . ' (' . $this->config['primary'] . ','
             . $this->config['modifiedColumn'] . ','
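
Review bot: the `var_dump($id);` added as the first statement of `write()` echoes the complete session id into the page output, and that value is the credential for the session, so it will end up in whatever the reporter pastes back. Since the INSERT that follows only needs the size of the value bound to the primary column, logging `strlen($id)` with `error_log()` would answer the question without exposing the id, and the debug line has to be removed again once the diagnosis is done.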

And then send me the first line before the error?

Also, can you try the following MySQL command and send me the output?

```
DESCRIBE piwik_session
```

@anonymous-matomo-user
Author

Sorry it took me so long, but I'm at work.

So here you can see the output of DESCRIBE piwik_session:

```
mysql> DESCRIBE piwik_session;
+----------+----------+------+-----+---------+-------+
| Field    | Type     | Null | Key | Default | Extra |
+----------+----------+------+-----+---------+-------+
| id       | char(32) | NO   | PRI | NULL    |       |
| modified | int(11)  | YES  |     | NULL    |       |
| lifetime | int(11)  | YES  |     | NULL    |       |
| data     | text     | YES  |     | NULL    |       |
+----------+----------+------+-----+---------+-------+
4 rows in set (0.00 sec)
```

As for the patch, I'm not sure where you expect to see something. On the frontend I get the following statement:

```
string(52) "oahpt2qjkr6bp9du70p61hropql3g6ehr0m1n5d3tt13utobhcf0"
```

The Error log is pretty much the same as before:

```
[Fri Jun 20 16:36:56.407601 2014] [php5:error] [pid 8802] [client 192.168.196.56:51562] PHP Fatal error:  Uncaught exception 'Zend_Db_Statement_Mysqli_Exception' with message 'Mysqli statement execute error : Data too long for column 'id' at row 1' in /srv/www/htdocs/piwik/libs/Zend/Db/Statement/Mysqli.php:214\nStack trace:\n#0 /srv/www/htdocs/piwik/libs/Zend/Db/Statement.php(300): Zend_Db_Statement_Mysqli->_execute(Array)\n#1 /srv/www/htdocs/piwik/libs/Zend/Db/Adapter/Abstract.php(479): Zend_Db_Statement->execute(Array)\n#2 /srv/www/htdocs/piwik/core/Session/SaveHandler/DbTable.php(108): Zend_Db_Adapter_Abstract->query('INSERT INTO piw...', Array)\n#3 [internal function]: Piwik\\Session\\SaveHandler\\DbTable->write('oahpt2qjkr6bp9d...', 'Login.login|a:1...')\n#4 /srv/www/htdocs/piwik/libs/Zend/Session.php(691): session_write_close()\n#5 [internal function]: Zend_Session::writeClose(true)\n#6 {main}\n  thrown in /srv/www/htdocs/piwik/libs/Zend/Db/Statement/Mysqli.php on line 214
[Fri Jun 20 16:36:56.665509 2014] [php5:error] [pid 8832] [client 192.168.196.56:51563] PHP Fatal error:  Uncaught exception 'Zend_Db_Statement_Mysqli_Exception' with message 'Mysqli statement execute error : Data too long for column 'id' at row 1' in /srv/www/htdocs/piwik/libs/Zend/Db/Statement/Mysqli.php:214\nStack trace:\n#0 /srv/www/htdocs/piwik/libs/Zend/Db/Statement.php(300): Zend_Db_Statement_Mysqli->_execute(Array)\n#1 /srv/www/htdocs/piwik/libs/Zend/Db/Adapter/Abstract.php(479): Zend_Db_Statement->execute(Array)\n#2 /srv/www/htdocs/piwik/core/Session/SaveHandler/DbTable.php(108): Zend_Db_Adapter_Abstract->query('INSERT INTO piw...', Array)\n#3 [internal function]: Piwik\\Session\\SaveHandler\\DbTable->write('oahpt2qjkr6bp9d...', '')\n#4 /srv/www/htdocs/piwik/libs/Zend/Session.php(691): session_write_close()\n#5 [internal function]: Zend_Session::writeClose(true)\n#6 {main}\n  thrown in /srv/www/htdocs/piwik/libs/Zend/Db/Statement/Mysqli.php on line 214, referer: http://intranet/piwik/
[Fri Jun 20 16:37:04.795198 2014] [php5:error] [pid 8802] [client 192.168.196.56:51562] PHP Fatal error:  Uncaught exception 'Zend_Db_Statement_Mysqli_Exception' with message 'Mysqli statement execute error : Data too long for column 'id' at row 1' in /srv/www/htdocs/piwik/libs/Zend/Db/Statement/Mysqli.php:214\nStack trace:\n#0 /srv/www/htdocs/piwik/libs/Zend/Db/Statement.php(300): Zend_Db_Statement_Mysqli->_execute(Array)\n#1 /srv/www/htdocs/piwik/libs/Zend/Db/Adapter/Abstract.php(479): Zend_Db_Statement->execute(Array)\n#2 /srv/www/htdocs/piwik/core/Session/SaveHandler/DbTable.php(108): Zend_Db_Adapter_Abstract->query('INSERT INTO piw...', Array)\n#3 [internal function]: Piwik\\Session\\SaveHandler\\DbTable->write('oahpt2qjkr6bp9d...', 'Login.login|a:1...')\n#4 /srv/www/htdocs/piwik/libs/Zend/Session.php(691): session_write_close()\n#5 [internal function]: Zend_Session::writeClose(true)\n#6 {main}\n  thrown in /srv/www/htdocs/piwik/libs/Zend/Db/Statement/Mysqli.php on line 214, referer: http://intranet/piwik/
[Fri Jun 20 16:37:05.262989 2014] [php5:error] [pid 8843] [client 192.168.196.56:51564] PHP Fatal error:  Uncaught exception 'Zend_Db_Statement_Mysqli_Exception' with message 'Mysqli statement execute error : Data too long for column 'id' at row 1' in /srv/www/htdocs/piwik/libs/Zend/Db/Statement/Mysqli.php:214\nStack trace:\n#0 /srv/www/htdocs/piwik/libs/Zend/Db/Statement.php(300): Zend_Db_Statement_Mysqli->_execute(Array)\n#1 /srv/www/htdocs/piwik/libs/Zend/Db/Adapter/Abstract.php(479): Zend_Db_Statement->execute(Array)\n#2 /srv/www/htdocs/piwik/core/Session/SaveHandler/DbTable.php(108): Zend_Db_Adapter_Abstract->query('INSERT INTO piw...', Array)\n#3 [internal function]: Piwik\\Session\\SaveHandler\\DbTable->write('oahpt2qjkr6bp9d...', '')\n#4 /srv/www/htdocs/piwik/libs/Zend/Session.php(691): session_write_close()\n#5 [internal function]: Zend_Session::writeClose(true)\n#6 {main}\n  thrown in /srv/www/htdocs/piwik/libs/Zend/Db/Statement/Mysqli.php on line 214, referer: http://intranet/piwik/
```

I guess "reinstalling" with the patch applied won't change a thing.

@mattab
Member

mattab commented Jun 24, 2014

Do you use any browser extension that may affect your cookies?

The strange thing is that your session id is 52 characters long, but it is expected to be only 32 characters. In years of supporting Piwik I've never heard of this issue. Maybe it's created by your server configuration somehow, or a browser extension, or something else? Have you got some idea maybe why your PHP session IDs would be 52 characters long?

@anonymous-matomo-user
Author

Thanks for your explanation. It wasn't any browser extension that made problems, but my php.ini settings.
Apparently openSUSE uses

session.hash_function = sha256

as the default setting. Most Linux distributors use

session.hash_function = 1

which means SHA-1 with 160 bits or MD5 with 128 bits

So for me it's just fine to set session.hash_function = 1. The question is whether it hurts anybody if you allow IDs up to char(64)?

@mattab
Member

mattab commented Jun 25, 2014

In 6ca0524: Fixes #5371 Make Piwik work when PHP session hash function is non default such as sha1 or sha512 or other
id is now a VARCHAR field

Tested with: session.hash_function = sha256

Had to use VARCHAR as the session id can be 128 chars, e.g.

```
$ php -r "var_dump(hash('sha512','test'));"
string(128) "ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff"
```

This issue was closed.
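
The length mismatch diagnosed in this thread can be predicted before deployment. The script below is an added example, not part of the issue or of Piwik's code: it computes how long a PHP (before 7.1) session id is for a given `session.hash_function` and checks it against the `char(32)` column shown above. It also takes `session.hash_bits_per_character` into account, a php.ini setting the thread does not mention; the function names are hypothetical.

```php
<?php
// Added example: predicts PHP (< 7.1) session id length from
// session.hash_function and session.hash_bits_per_character, then
// compares it with the width of the column that stores the id.

/**
 * Map a session.hash_function value to a hash() algorithm name.
 * PHP accepts 0 (MD5), 1 (SHA-1) or any name listed by hash_algos().
 */
function sessionHashAlgo(string $setting): string
{
    $numeric = ['0' => 'md5', '1' => 'sha1'];
    $algo = $numeric[$setting] ?? strtolower($setting);
    if (!in_array($algo, hash_algos(), true)) {
        throw new InvalidArgumentException("unknown hash function: $setting");
    }
    return $algo;
}

/** Characters in a session id: ceil(digest bits / bits per character). */
function sessionIdLength(string $setting, int $bitsPerChar): int
{
    if (!in_array($bitsPerChar, [4, 5, 6], true)) {
        throw new InvalidArgumentException('bits per character must be 4, 5 or 6');
    }
    // Raw digest length in bytes, converted to bits.
    $digestBits = 8 * strlen(hash(sessionHashAlgo($setting), '', true));
    return intdiv($digestBits + $bitsPerChar - 1, $bitsPerChar);
}

// Constructed sample: settings named in the thread, checked against char(32).
$columnWidth = 32;
foreach (['0', '1', 'sha256', 'sha512'] as $setting) {
    foreach ([4, 5, 6] as $bits) {
        $len = sessionIdLength($setting, $bits);
        printf(
            "%-7s bits/char=%d  id length=%3d  %s\n",
            $setting,
            $bits,
            $len,
            $len <= $columnWidth ? 'fits' : "exceeds char($columnWidth)"
        );
    }
}
```

Run it with `php` on the command line; any row marked as exceeding the column width is a configuration under which the session INSERT fails the way the error log above shows.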