Details
- Type: Incident report
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Affects Version/s: None
- Fix Version/s: 2.2.18rc1, 3.0.9rc1, 3.2.5rc1, 3.4.0alpha1
- Component/s: API (A)
- Team: Team A
- Sprint: Sprint 4
- Story Points: 0.5
Description
We have observed problems with session IDs being non-unique if a user has several sessions during the same second. If two sessions get the same ID, a disconnect on one of those sessions will also unexpectedly disconnect another session.
We have traced the non-unique ID problem to this line in the CUser.php file of the Zabbix API:
$sessionid = md5(time().$password.$name.rand(0, 10000000));
time() is second-based, and rand with the same seed has been known to return the same value repeatedly. This appears to be the root of the problem. Since we create a significant number of sessions, duplicate IDs and resulting problems are a frequent occurrence.
Issue Links
- is duplicated by: ZBX-9711 unique constraint violation in sessions table (Closed)
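The collision described in the report, reproduced as an added example (not Zabbix code, and not the fix that shipped): it sets the quoted md5(time()...) construction beside an ID drawn from PHP's CSPRNG. The function names, the sample user and timestamp, and the use of srand() to model two workers sharing the same generator state are assumptions made for the illustration; it needs PHP 7.4 or later.

```php
<?php
// Added illustration; function names are hypothetical, not Zabbix API code.

// Construction quoted in the report. For one user within one second the only
// varying input is rand(), which has 10,000,001 possible values.
function legacy_session_id(int $now, string $password, string $name): string
{
    return md5($now . $password . $name . rand(0, 10000000));
}

// Alternative: 128 bits from the operating system CSPRNG (PHP 7.0+).
function csprng_session_id(): string
{
    return bin2hex(random_bytes(16));
}

// Constructed scenario: two workers log the same user in during the same
// second, and both start from the same generator state (modelled by srand()).
function ids_from_two_workers(callable $generate, int $seed): array
{
    $ids = [];
    foreach ([1, 2] as $worker) {
        srand($seed);
        $ids[] = $generate();
    }
    return $ids;
}

// Chance that $k logins in one second share an ID even when rand() behaves
// ideally (birthday bound over 10,000,001 values).
function legacy_collision_probability(int $k): float
{
    $pUnique = 1.0;
    for ($i = 0; $i < $k; $i++) {
        $pUnique *= (10000001 - $i) / 10000001;
    }
    return 1.0 - $pUnique;
}

$now = 1700000000; // constructed timestamp
$legacy = ids_from_two_workers(
    fn() => legacy_session_id($now, 'constructed-hash', 'api-user'), 12345);
$strong = ids_from_two_workers('csprng_session_id', 12345);

var_dump($legacy[0] === $legacy[1]); // do the legacy IDs collide?
var_dump($strong[0] === $strong[1]); // do the CSPRNG IDs collide?
printf("%.6f\n", legacy_collision_probability(100));
```

The last line shows that the legacy scheme has a non-zero collision rate for a busy user even without any seeding problem, because md5() cannot add entropy that its inputs lack.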