Geek Answers Handbook

Can I check what phh session hashing uses?

I am trying to make sure that I am using sha512 to hash the session. When I print my algo, I get

Array ( [0] => md2 [1] => md4 [2] => md5 [3] => sha1 [4] => sha224 [5] => sha256 [6] => sha384 [7] => sha512 [8] => ripemd128 etc.... )

So in php.ini I set it as

 session.hash_function = 7

The only reason I got confused is that in the .ini file it lists hash schemes differently than what php prints, like 0 as md5, not md2.

 ; Select a hash function ; 0: MD5 (128 bits) ; 1: SHA-1 (160 bits)

Is it just default hashing schemes, maybe an older version of php or something else?

+7
php session hash
source share
3 answers

0 and 1 are only numerical values ​​that are actually documented :

session.hash_function allows you to specify the hash algorithm used to generate session identifiers. '0' means MD5 (128 bits) and "1" means SHA-1 (160 bits).

If you want to use other algorithms:

Since PHP 5.3.0 it is also possible to specify any of the proposed algorithms using a hash extension (if available), for example, sha512 or a jacuzzi. A complete list of supported algorithms can be obtained using hash_algos ().

I admit that this is not clearly expressed, but the definition of the directive says that its argument is of type mixed . It expects either an integer (only for MD5 and SHA-1), or the name (string) of the algorithm returned by hash_algos () . (By the way, this also means that there are two ways to specify MD5 and SHA-1.) The developers changed their minds when adding new algorithms, but retained backward compatibility.

I tried this code and I had a great session id:

 ini_set('session.hash_function', 'whirlpool');
+6
source share

hash_algos () returns an array of strings of all available algorithms and therefore is not suitable as an argument for the ini-setting "session.hash function". Just try setting your preferred algorithm as a string instead of "0" or "1".

+2
source share

setting the hash function as a string works

 session.hash_function = sha512
+2
source share

More articles:


All Articles