[TYPO3-core] FYI: Added feature #11314: Extract functionality to create session ID from t3lib_userAuth::start()

Steffen Kamper info at sk-typo3.de
Wed Jun 10 23:29:31 CEST 2009


Hi,

Martin Kutschker schrieb:
> Francois Suter schrieb:
>> Hi,
>>
>>> Problem:
>>> The lenth of the "hash" (session ID) is fixed to a maximum of 32 chars.
>>> If another hash-function shall be used to create the session ID, e.g.
>>> SHA1, it won't work.
>> Watch out, the session ID is written to the sessions tables (fe and be)
>> when a user logs in and the fields are varchar(32).
> 
> Besides that, why do we need a max. length for the hash, anyway? I fear
> it dates back from the time when Kasper liked to truncate md5-hashes to
> "save bytes" (or whatever his reasons were).
> 

wasn't it the case that varchar doesn't reserve 256 Bytes when use 
varchar(255) ? So there is no need to set such limits which has to be 
removed later for other needs.

vg Steffen


More information about the TYPO3-team-core mailing list