I would suggest, that we use md5-hashes of the session_id(). Tablefield is 32 chars, but the session on our Server e.g is 43 chars. When cutting the last chars, we take quite a lot uniqueness out of our hash (which actually caused some false assignments). When doing a md5-hash we get it back without changing db.

Patch attached

CommentFileSizeAuthor
use_md5_session.patch1.94 KBsmussbach

Comments

organicwire’s picture

organicwire commented
Status: Needs review » Fixed

Your patch went into the dev branch. Indeed md5 sums make more sense. We used drupal_substr() for debugging during porting code to D7.

I modified your patch in order to have md5 sums from session id + client ip address.

smussbach’s picture

smussbach commented

I think we shouldn't use $_SERVER['REMOTE_ADDR'] as it could easily change between requests e.g. if user sits in a network behind a proxy with two outgoing IPs.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Anonymous’s picture

(not verified) commented
Issue summary: View changes

typo