Part of the EllisLab Network
CodeIgniter  >   Forum Home  >  CodeIgniter Development Forums  >  Help, is this a bug?  >  Thread
   
1 of 3
1
2
3
Next
Sessions and encrypted cookies problem
 
Dionysius
Posted: 03 December 2008 12:13 AM   [ Ignore ]  
Summer Student
Total Posts:  15
Joined  04-26-2007

I have a problem with this topic.

My config.php:

$config['sess_cookie_name']        'sl_session';
$config['sess_expiration']        7200;
$config['sess_encrypt_cookie']    TRUE;
$config['sess_use_database']    FALSE;
$config['sess_table_name']        'ci_sessions';
$config['sess_match_ip']        FALSE;
$config['sess_match_useragent']    TRUE;
$config['sess_time_to_update']     300

My $config[‘base_url’] is “<host>/”;

autoload.php:

$autoload['libraries'= array( 'database''session' );
$autoload['helper'= array( 'url''html' ); 

Then I go to <mySite> and Welcome controller is loaded (cookies are set). When I reload this page I get this error

A PHP Error was encountered

Severity: Warning

Message: mcrypt_decrypt() [function.mcrypt-decrypt]: The IV parameter must be as long as the blocksize

Filename: libraries/Encrypt.php

Line Number: 283

I have no any hacks, modifications, or extensions. I use clear CI 1.7.0
Profile
 
 
Dionysius
Posted: 03 December 2008 12:16 AM   [ Ignore ]   [ # 1 ]  
Summer Student
Total Posts:  15
Joined  04-26-2007

P.S. PHP version is 5.2.4
Profile
 
 
Vince Stross
Posted: 03 December 2008 09:16 AM   [ Ignore ]   [ # 2 ]  
Grad Student
Avatar
Rank
Total Posts:  68
Joined  02-04-2008

is your encryption key set?

 Signature 

“...‘Beyond Civilization’ isn’t a geographical space up in the mountains or on some remote desert isle. It’s a cultural space that opens up among people with new minds.” -Daniel Quinn, Beyond Civilization
Profile
 
 
Dionysius
Posted: 03 December 2008 10:01 AM   [ Ignore ]   [ # 3 ]  
Summer Student
Total Posts:  15
Joined  04-26-2007

Yes, it is.
Profile
 
 
Vince Stross
Posted: 03 December 2008 11:10 AM   [ Ignore ]   [ # 4 ]  
Grad Student
Avatar
Rank
Total Posts:  68
Joined  02-04-2008

How long is it? Any weird characters?

If it’s really long try to shorten it, if it’s short, make it longer.

Try messing with this because I have a feeling this is the problem.

Otherwise, are you able to ssh at root level to your server? There could be something with the mcrypt version and php version you are using.

 Signature 

“...‘Beyond Civilization’ isn’t a geographical space up in the mountains or on some remote desert isle. It’s a cultural space that opens up among people with new minds.” -Daniel Quinn, Beyond Civilization
Profile
 
 
Sam Dark
Posted: 04 December 2008 11:53 AM   [ Ignore ]   [ # 5 ]  
Lab Assistant
Avatar
RankRank
Total Posts:  286
Joined  02-13-2008

Having the same issue. Latest CI 1.7.
Profile
 
 
Sam Dark
Posted: 09 December 2008 06:08 AM   [ Ignore ]   [ # 6 ]  
Lab Assistant
Avatar
RankRank
Total Posts:  286
Joined  02-13-2008

Some details.

1. It seems to be platform specific. I’m not getting it at my development computer (Windows XP) and getting it at server from time to time.
2. It is CI bug, not third party code. Russian community members have repoduced it with clean CI installation at welcome page. Personally I’m getting it at server with SVN trunk version.

Will get more details soon.
Profile
 
 
Sam Dark
Posted: 09 December 2008 07:55 AM   [ Ignore ]   [ # 7 ]  
Lab Assistant
Avatar
RankRank
Total Posts:  286
Joined  02-13-2008

Config:

$config['encryption_key'"9fca5ef2eeb2d513a09302e130298b6";
$config['sess_cookie_name''ci_session';
$config['sess_expiration'7200;
$config['sess_encrypt_cookie'TRUE;
$config['sess_use_database'FALSE;
$config['sess_table_name''ci_sessions';
$config['sess_match_ip'FALSE;
$config['sess_match_useragent']    TRUE;
$config['sess_time_to_update']     300;
$config['cookie_prefix'"";
$config['cookie_domain'"";
$config['cookie_path'"/"
Profile
 
 
Sam Dark
Posted: 09 December 2008 07:56 AM   [ Ignore ]   [ # 8 ]  
Lab Assistant
Avatar
RankRank
Total Posts:  286
Joined  02-13-2008

Works when $config[‘sess_encrypt_cookie’] = FALSE; in all problematic cases.
Profile
 
 
Sam Dark
Posted: 09 December 2008 08:23 AM   [ Ignore ]   [ # 9 ]  
Lab Assistant
Avatar
RankRank
Total Posts:  286
Joined  02-13-2008

CI 1.7.0
PHP 5.2.4
User-agent Firefox 2.0.0.18
Profile
 
 
Vince Stross
Posted: 09 December 2008 08:53 AM   [ Ignore ]   [ # 10 ]  
Grad Student
Avatar
Rank
Total Posts:  68
Joined  02-04-2008

The only difference I can see between my config and yours:

$config[‘sess_use_database’] = TRUE;

I store all of my session data in the database.

 Signature 

“...‘Beyond Civilization’ isn’t a geographical space up in the mountains or on some remote desert isle. It’s a cultural space that opens up among people with new minds.” -Daniel Quinn, Beyond Civilization
Profile
 
 
Sam Dark
Posted: 09 December 2008 08:57 AM   [ Ignore ]   [ # 11 ]  
Lab Assistant
Avatar
RankRank
Total Posts:  286
Joined  02-13-2008

Ishmael
This config is just one of the many. I’m using $config[‘sess_use_database’] = TRUE; myself while getting this issue.
Profile
 
 
Derek Jones
Posted: 09 December 2008 10:39 AM   [ Ignore ]   [ # 12 ]  
Administrator
Avatar
RankRankRankRankRankRankRank
Total Posts:  11303
Joined  06-03-2002

What version and API number is mcrypt compiled with in your PHP environment that exhibits this problem?  Is either algorithm_dir or modes_dir set?

 Signature 
Profile
MSG
 
 
Sam Dark
Posted: 09 December 2008 11:05 AM   [ Ignore ]   [ # 13 ]  
Lab Assistant
Avatar
RankRank
Total Posts:  286
Joined  02-13-2008
Version2.5.8
Api No20021217
Supported cipherscast-128 gost rijndael-128 twofish arcfour cast-256 loki97 rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent xtea blowfish enigma rc2 tripledes
Supported modescbc cfb ctr ecb ncfb nofb ofb stream 

mcrypt.algorithms_dir and mcrypt.modes_dir are not set.
Profile
 
 
Derek Jones
Posted: 09 December 2008 11:47 AM   [ Ignore ]   [ # 14 ]  
Administrator
Avatar
RankRankRankRankRankRankRank
Total Posts:  11303
Joined  06-03-2002

Before the return statement on line 283, add the following:

var_dump($this->_get_cipher());
var_dump($data);
var_dump($this->_get_mode());
var_dump($init_vect); 

Hit the welcome screen, view source, and cut and paste the results in a code block here, please.

 Signature 
Profile
MSG
 
 
Sam Dark
Posted: 09 December 2008 08:16 PM   [ Ignore ]   [ # 15 ]  
Lab Assistant
Avatar
RankRank
Total Posts:  286
Joined  02-13-2008

Derek Jones
Olf traced it down to Encrypt.php,  _set_cookie() from Session.php, $this->CI->encrypt->encode() -> $this->_xor_encode() -> $this->mcrypt_encode($data, $key). $key isn’t passed sometimes.

Olf thinks it’s connected with _add_cipher_noise().

I think it’s connected to mcrypt. As I previously said there was no issue at my development computer. I’ve compared php.ini. mcrypt is disabled at my development computer and enabled at server.

//Going to a trip for a week. Hope guys here will trace it finally.
Profile
 
 
   
1 of 3
1
2
3
Next
 
‹‹ Cache Problem      xss_clean gives strange results. ››
Powered By ExpressionEngine
ExpressionEngine Discussion Forum - Version 3.1.5 (20110621)
Script Executed in 1.3622 seconds
Atom Feed   RSS 2.0