[TYPO3-core] FYI: Added feature #11314: Extract functionality to create session ID from t3lib_userAuth::start()
Martin Kutschker
masi-no at spam-typo3.org
Wed Jun 10 23:03:32 CEST 2009
Francois Suter schrieb:
> Hi,
>
>> Problem:
>> The lenth of the "hash" (session ID) is fixed to a maximum of 32 chars.
>> If another hash-function shall be used to create the session ID, e.g.
>> SHA1, it won't work.
>
> Watch out, the session ID is written to the sessions tables (fe and be)
> when a user logs in and the fields are varchar(32).
Besides that, why do we need a max. length for the hash, anyway? I fear
it dates back from the time when Kasper liked to truncate md5-hashes to
"save bytes" (or whatever his reasons were).
Masi
More information about the TYPO3-team-core
mailing list