Applies To
Zend Server 7.0.x, Zend Server 8.5.x, Zend Server 9.0.x
Introduction
The session.hash_function directive was introduced with PHP 5 and selects the hash algorithm used to generate session IDs. Originally, the possible options were '0' for MD5 (128 bits) and '1' for SHA-1 (160 bits). Since PHP 5.3, the setting also accepts a number of algorithms by name, in addition to the original two options. The possible values of session.hash_function can be obtained using hash_algos():
[0] => md4
[1] => md5
[2] => sha1
[3] => sha256
[4] => sha384
[5] => sha512
[6] => ripemd128
[7] => ripemd160
[8] => whirlpool
[9] => tiger128,3
[10] => tiger160,3
[11] => tiger192,3
[12] => tiger128,4
[13] => tiger160,4
[14] => tiger192,4
[15] => snefru
[16] => gost
[17] => adler32
[18] => crc32
[19] => crc32b
[20] => haval128,3
[21] => haval160,3
[22] => haval192,3
[23] => haval224,3
[24] => haval256,3
[25] => haval128,4
[26] => haval160,4
[27] => haval192,4
[28] => haval224,4
[29] => haval256,4
[30] => haval128,5
[31] => haval160,5
[32] => haval192,5
[33] => haval224,5
[34] => haval256,5
Symptoms
In the Zend Server UI, the session.hash_function selection is limited to a drop-down menu that provides only the original two options. As a result, any other algorithm can be used only at the cost of a warning message about a directive mismatch in the Zend Server UI.
Solution
To work around the problem, edit the following file:
On Linux / macOS: /usr/local/zend/share/zend_extensions_map.json
On Windows: {Zend Server installation directory}\ZendServer\share\zend_extensions_map.json
Locate the following code:
"session.hash_function":{
    "shortDescription":"Specify the hash algorithm used to generate the session IDs",
    "type":3,
    "section":"",
    "visible":"1",
    "units":"",
    "validation":{
        "minValue":null,
        "maxValue":null,
        "regex":"",
        "listValues":"a:2:{i:0;s:14:\"MD5 (128 bits)\";i:1;s:16:\"SHA-1 (160 bits)\";}",
        "html":false,
        "email":false,
        "uri":false,
        "defaultServer":false,
        "allowempty":true,
        "host":false
    }
},
Replace it with the following code (the only differences are that "type" changes from 3 to 1 and "listValues" becomes an empty string):
"session.hash_function":{
    "shortDescription":"Specify the hash algorithm used to generate the session IDs",
    "type":1,
    "section":"",
    "visible":"1",
    "units":"",
    "validation":{
        "minValue":null,
        "maxValue":null,
        "regex":"",
        "listValues":"",
        "html":false,
        "email":false,
        "uri":false,
        "defaultServer":false,
        "allowempty":true,
        "host":false
    }
},
Save and close the file, then reload the Zend Server UI. session.hash_function will now be a text field instead of a drop-down menu, and you should be able to set it to any registered hash algorithm by entering its name in the text field.
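The replacement entry leaves "regex" and "listValues" empty, and hash_algos() also lists 32-bit checksums such as adler32 and crc32. The following added example, which is not part of the original article or of Zend Server, checks a candidate value before it is entered in the text field. The function name audit_session_hash, the MIN_BITS floor and the checksum list are assumptions of this example.

```php
<?php
// Added example (not Zend's code): vet a session.hash_function value before
// entering it in the text field that replaces the drop-down menu.
// MIN_BITS and the $checksums list are this example's policy assumptions.
const MIN_BITS = 128; // assumed floor: MD5's size, the smaller original option

function audit_session_hash($value)
{
    // Legacy numeric settings: '0' is MD5, '1' is SHA-1.
    $legacy = array('0' => 'md5', '1' => 'sha1');
    $value = trim((string) $value);
    $algo = isset($legacy[$value]) ? $legacy[$value] : strtolower($value);

    if (!in_array($algo, hash_algos(), true)) {
        return array('ok' => false, 'bits' => 0,
            'reason' => 'not registered in hash_algos() on this PHP build');
    }
    // Measure the digest size instead of trusting the algorithm name.
    $bits = strlen(hash($algo, '', true)) * 8;

    // Registered, but checksums rather than cryptographic hashes.
    $checksums = array('adler32', 'crc32', 'crc32b');
    if (in_array($algo, $checksums, true)) {
        return array('ok' => false, 'bits' => $bits,
            'reason' => 'checksum, not a cryptographic hash');
    }
    if ($bits < MIN_BITS) {
        return array('ok' => false, 'bits' => $bits,
            'reason' => 'digest shorter than ' . MIN_BITS . ' bits');
    }
    return array('ok' => true, 'bits' => $bits, 'reason' => 'accepted');
}

// Constructed sample inputs; 'sha-256' stands in for a typo in the text field.
$candidates = array('0', 'sha256', 'crc32', 'adler32', 'sha-256');
$current = ini_get('session.hash_function'); // false if the directive is absent
if ($current !== false && $current !== '') {
    array_unshift($candidates, $current);
}
foreach ($candidates as $value) {
    $r = audit_session_hash($value);
    printf("%-8s %-6s %3d bits  %s\n", $value,
        $r['ok'] ? 'OK' : 'REJECT', $r['bits'], $r['reason']);
}
```

Run it with the same PHP binary that Zend Server uses, since hash_algos() reflects the algorithms registered in that build.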