Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-9358

Zabbix API session ID generation produces non-unique IDs

    XMLWordPrintable

    Details

    • Team:
      Team A
    • Sprint:
      Sprint 4
    • Story Points:
      0.5

      Description

      We have observed problems with session IDs being non-unique if a user has several sessions during the same second. If two sessions get the same ID, a disconnect on one of those sessions will also unexpectedly disconnect another session.

      We have traced the non-unique ID problem to this line in the CUser.php file of the Zabbix API:

      $sessionid = md5(time().$password.$name.rand(0, 10000000));

      time() is second-based, and rand with the same seed has been known to return the same value repeatedly. This appears to be the root of the problem. Since we create a significant number of sections, duplicate IDs and resulting problems are a frequent occurrence.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              ai Alina Ivchenko
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: