Sessions and encrypted cookies problem |
[eluser]Derek Jones[/eluser]
Thanks. This is what really convinces me that this is a bug with the compiled encryption library on the server, and not with CI's code. Quote:Message: mcrypt_decrypt() [function.mcrypt-decrypt]: The IV parameter must be as long as the blocksize Your IV is 32 characters, your block size is 32 characters so the error is not consistent with reality. Additionally, ECB mode shouldn't even be trying to use the IV, since only CBC, CFB, OFB, and stream modes use an IV to initialize the algorithm. My recommendation would be to search the bug trackers of both libmcrypt and the server's OS distro vendor for potential known issues and/or patches. Alternatively, you might try recompiling PHP with an older version of libmcrypt, or try using an encryption mode other than ECB on this server and see if that works.
[eluser]Olf[/eluser]
Thank you for participating. I also already are embracing the fact that once a library libmcrypt askance at my hosting. Wrote a letter to my hosting provider, but so far has disabled encryption. Can I be in the future by CI to track the performance of the library at hosting? And whether the situation would change if the rewrite function mcrypt_encode() under the AIP mcrypt_module_open()?
[eluser]Derek Jones[/eluser]
Quote:Can I be in the future by CI to track the performance of the library at hosting? I'm sorry, Olf, I do not understand this question very well. Quote:And whether the situation would change if the rewrite function mcrypt_encode() under the AIP mcrypt_module_open()? You could try, but I think the first thing I would try is to use $this->encrypt->set_mode() with a different mcrypt mode so it doesn't use ECB. Keep in mind that if you're using encrypted sessions and autoloading sessions, you'll have to make sure this is set in the Encryption library before it's used.
[eluser]Sam Dark[/eluser]
Recently _g00d_ at Russian forums tried to disable mcrypt: Code: function CI_Encrypt() and it does not helped. His config: Code: $config['encryption_key'] = "asd9f87asdfj09sd8fhsd8fa"; Success session starting log: Code: DEBUG - 2009-02-18 14:35:06 --> Config Class Initialized Failure log (another server): Code: DEBUG - 2009-02-16 13:51:06 --> Config Class Initialized
[eluser]Sam Dark[/eluser]
DEBUG - 2009-02-16 13:51:06 --> A session cookie was not found. should mean something.
[eluser]Derek Jones[/eluser]
Sam, check the code, that means the cookie's not even found. Encryption's not in play there. Is the cookie being set? If not, why? Can you reproduce?
[eluser]Sam Dark[/eluser]
It's session lib, not a manual cookie setting. It's working at one server and not working at another exactly like the issue with IV parameter. Could it be that if cookie is not found, it caused mcrypt to generate wrong IV and the entire issue is not about mcrypt? It can be reproduced in one environment and can't in another.
[eluser]Derek Jones[/eluser]
I understand that it's the session library, but that error is logged when there's no session cookie available - it occurs before and is unrelated to encryption, and in fact when that check fails and that error is logged, Session:ess_read() immediately returns and the code which would attempt to decrypt the session cookie isn't even executed.
[eluser]Unknown[/eluser]
I had the same error, but in my situation everything worked good (without errors) until I had changed mbstring.func_overload in my php.ini from 0 to 2. Of course, I set it back to 0 and now CI works as before. Sorry for my English.
[eluser]Derek Jones[/eluser]
That sounds plausible, ginonly, since that takes over string handlers in a way that will likely break encoded data. |
Welcome Guest, Not a member yet? Register Sign In |