Part of the EllisLab Network
CodeIgniter  >   Forum Home  >  CodeIgniter Development Forums  >  Help, is this a bug?  >  Thread
   
3 of 3
Prev
1
2
3
Sessions and encrypted cookies problem
 
Olf
Posted: 11 December 2008 12:19 PM   [ Ignore ]   [ # 31 ]  
Summer Student
Total Posts:  13
Joined  11-12-2008

Thank you for participating.

I also already are embracing the fact that once a library libmcrypt askance at my hosting. Wrote a letter to my hosting provider, but so far has disabled encryption.

Can I be in the future by CI to track the performance of the library at hosting?

And whether the situation would change if the rewrite function mcrypt_encode() under the AIP mcrypt_module_open()?
Profile
 
 
Derek Jones
Posted: 11 December 2008 12:43 PM   [ Ignore ]   [ # 32 ]  
Administrator
Avatar
RankRankRankRankRankRankRank
Total Posts:  11292
Joined  06-03-2002

Can I be in the future by CI to track the performance of the library at hosting?

I’m sorry, Olf, I do not understand this question very well.

And whether the situation would change if the rewrite function mcrypt_encode() under the AIP mcrypt_module_open()?

You could try, but I think the first thing I would try is to use $this->encrypt->set_mode() with a different mcrypt mode so it doesn’t use ECB.  Keep in mind that if you’re using encrypted sessions and autoloading sessions, you’ll have to make sure this is set in the Encryption library before it’s used.

 Signature 
Profile
MSG
 
 
Sam Dark
Posted: 18 February 2009 08:59 AM   [ Ignore ]   [ # 33 ]  
Lab Assistant
Avatar
RankRank
Total Posts:  286
Joined  02-13-2008

Recently _g00d_ at Russian forums tried to disable mcrypt:

function CI_Encrypt()
   {
      $this->CI =& get_instance();
      //$this->_mcrypt_exists = ( ! function_exists('mcrypt_encrypt')) ? FALSE : TRUE;
                $this->_mcrypt_exists FALSE;
      log_message('debug'"Encrypt Class Initialized");
   

and it does not helped.

His config:

$config['encryption_key'"asd9f87asdfj09sd8fhsd8fa";
$config['sess_cookie_name']      'documents_session';
$config['sess_expiration']      7200;
$config['sess_encrypt_cookie']          TRUE;
$config['sess_use_database']            TRUE;
$config['sess_table_name']      'documents_sessions';
$config['sess_match_ip']      FALSE;
$config['sess_match_useragent']         TRUE;
$config['sess_time_to_update']       300;

$config['cookie_prefix']   "";
$config['cookie_domain']   "";
$config['cookie_path']      "/";

$config['global_xss_filtering'TRUE

Success session starting log:

DEBUG 2009-02-18 14:35:06 --> Config Class Initialized
DEBUG 2009-02-18 14:35:06 --> Hooks Class Initialized
DEBUG 2009-02-18 14:35:06 --> URI Class Initialized
DEBUG 2009-02-18 14:35:06 --> Router Class Initialized
DEBUG 2009-02-18 14:35:06 --> Output Class Initialized
DEBUG 2009-02-18 14:35:06 --> Input Class Initialized
DEBUG 2009-02-18 14:35:06 --> XSS Filtering completed
DEBUG 2009-02-18 14:35:06 --> Global POST and COOKIE data sanitized
DEBUG 2009-02-18 14:35:06 --> Language Class Initialized
DEBUG 2009-02-18 14:35:06 --> Loader Class Initialized
DEBUG 2009-02-18 14:35:06 --> Helper loadedurl_helper
DEBUG 2009-02-18 14:35:06 --> Helper loadeddknt_helper
DEBUG 2009-02-18 14:35:06 --> Database Driver Class Initialized
DEBUG 2009-02-18 14:35:06 --> Session Class Initialized
DEBUG 2009-02-18 14:35:06 --> Helper loadedstring_helper
DEBUG 2009-02-18 14:35:06 --> Encrypt Class Initialized
DEBUG 2009-02-18 14:35:06 --> Session garbage collection performed.
DEBUG 2009-02-18 14:35:06 --> Session routines successfully run
DEBUG 2009-02-18 14:35:06 --> Controller Class Initialized
DEBUG 2009-02-18 14:35:06 --> Helper loadedform_helper
DEBUG 2009-02-18 14:35:06 --> Helper loadedhtml_helper
DEBUG 2009-02-18 14:35:06 --> Model Class Initialized
DEBUG 2009-02-18 14:35:06 --> Model Class Initialized
DEBUG 2009-02-18 14:35:06 --> Model Class Initialized
DEBUG 2009-02-18 14:35:06 --> Model Class Initialized
DEBUG 2009-02-18 14:35:06 --> Model Class Initialized
DEBUG 2009-02-18 14:35:06 --> Model Class Initialized
DEBUG 2009-02-18 14:35:06 --> Model Class Initialized
DEBUG 2009-02-18 14:35:06 --> File loaded: /var/www/localhost/htdocs/documents/system/application/views/upload_form.php
DEBUG 2009-02-18 14:35:06 --> Final output sent to browser
DEBUG 2009-02-18 14:35:06 --> Total execution time0.0737 

Failure log (another server):

DEBUG 2009-02-16 13:51:06 --> Config Class Initialized
DEBUG 2009-02-16 13:51:06 --> Hooks Class Initialized
DEBUG 2009-02-16 13:51:06 --> URI Class Initialized
DEBUG 2009-02-16 13:51:06 --> Router Class Initialized
DEBUG 2009-02-16 13:51:06 --> Output Class Initialized
DEBUG 2009-02-16 13:51:06 --> Input Class Initialized
DEBUG 2009-02-16 13:51:06 --> XSS Filtering completed
DEBUG 2009-02-16 13:51:06 --> Global POST and COOKIE data sanitized
DEBUG 2009-02-16 13:51:06 --> Language Class Initialized
DEBUG 2009-02-16 13:51:06 --> Loader Class Initialized
DEBUG 2009-02-16 13:51:06 --> Helper loadedurl_helper
DEBUG 2009-02-16 13:51:06 --> Helper loadeddknt_helper
DEBUG 2009-02-16 13:51:06 --> Database Driver Class Initialized
DEBUG 2009-02-16 13:51:06 --> Controller Class Initialized
DEBUG 2009-02-16 13:51:06 --> Session Class Initialized
DEBUG 2009-02-16 13:51:06 --> Helper loadedstring_helper
DEBUG 2009-02-16 13:51:06 --> Encrypt Class Initialized
DEBUG 2009-02-16 13:51:06 --> A session cookie was not found.
DEBUG 2009-02-16 13:51:06 --> Session routines successfully run
DEBUG 2009-02-16 13:51:06 --> Helper loadedform_helper
DEBUG 2009-02-16 13:51:06 --> Helper loadedcookie_helper
DEBUG 2009-02-16 13:51:06 --> Model Class Initialized
DEBUG 2009-02-16 13:51:06 --> Model Class Initialized
DEBUG 2009-02-16 13:51:06 --> Model Class Initialized
DEBUG 2009-02-16 13:51:06 --> Model Class Initialized
DEBUG 2009-02-16 13:51:06 --> Model Class Initialized
DEBUG 2009-02-16 13:51:06 --> Model Class Initialized
DEBUG 2009-02-16 13:51:06 --> Model Class Initialized
DEBUG 2009-02-16 13:51:06 --> Helper loadedhtml_helper
DEBUG 2009-02-16 13:51:06 --> File loaded: /var/www/localhost/htdocs/documents/system/application/views/upload_form.php
DEBUG 2009-02-16 13:51:06 --> Final output sent to browser
DEBUG 2009-02-16 13:51:06 --> Total execution time0.0709 
Profile
 
 
Sam Dark
Posted: 18 February 2009 09:01 AM   [ Ignore ]   [ # 34 ]  
Lab Assistant
Avatar
RankRank
Total Posts:  286
Joined  02-13-2008

DEBUG - 2009-02-16 13:51:06—> A session cookie was not found. should mean something.
Profile
 
 
Derek Jones
Posted: 18 February 2009 10:33 AM   [ Ignore ]   [ # 35 ]  
Administrator
Avatar
RankRankRankRankRankRankRank
Total Posts:  11292
Joined  06-03-2002

Sam, check the code, that means the cookie’s not even found.  Encryption’s not in play there.  Is the cookie being set?  If not, why?  Can you reproduce?

 Signature 
Profile
MSG
 
 
Sam Dark
Posted: 18 February 2009 01:35 PM   [ Ignore ]   [ # 36 ]  
Lab Assistant
Avatar
RankRank
Total Posts:  286
Joined  02-13-2008

It’s session lib, not a manual cookie setting. It’s working at one server and not working at another exactly like the issue with IV parameter.

Could it be that if cookie is not found, it caused mcrypt to generate wrong IV and the entire issue is not about mcrypt?

It can be reproduced in one environment and can’t in another.
Profile
 
 
Derek Jones
Posted: 18 February 2009 01:40 PM   [ Ignore ]   [ # 37 ]  
Administrator
Avatar
RankRankRankRankRankRankRank
Total Posts:  11292
Joined  06-03-2002

I understand that it’s the session library, but that error is logged when there’s no session cookie available - it occurs before and is unrelated to encryption, and in fact when that check fails and that error is logged, Session::sess_read() immediately returns and the code which would attempt to decrypt the session cookie isn’t even executed.

 Signature 
Profile
MSG
 
 
ginonly
Posted: 17 August 2009 06:54 AM   [ Ignore ]   [ # 38 ]  
Summer Student
Avatar
Total Posts:  1
Joined  08-17-2009

I had the same error, but in my situation everything worked good (without errors) until I had changed mbstring.func_overload in my php.ini from 0 to 2. Of course, I set it back to 0 and now CI works as before. Sorry for my English.
Profile
 
 
Derek Jones
Posted: 17 August 2009 02:30 PM   [ Ignore ]   [ # 39 ]  
Administrator
Avatar
RankRankRankRankRankRankRank
Total Posts:  11292
Joined  06-03-2002

That sounds plausible, ginonly, since that takes over string handlers in a way that will likely break encoded data.

 Signature 
Profile
MSG
 
 
   
3 of 3
Prev
1
2
3
 
‹‹ Cache Problem      xss_clean gives strange results. ››
Powered By ExpressionEngine
ExpressionEngine Discussion Forum - Version 3.1.5 (20110621)
Script Executed in 0.2758 seconds
Atom Feed   RSS 2.0