id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
2249	MD5 is broken sometimes, an option to use SHA would be appreciated.	pol@…	nobody	"Machine Info:
Debian Linux 2.4.26-1-386
mod_python 3.1
Apache2
Python 2.3

Description:
Apparently my version of mod_python is not generating md5 strings well.  As a result, the session was throwing a ""Suspicious Operation"" exception when checking for cookie tampering.  I am not the first person that this has happened to.

The follwing fixed the problem:
Modify contrib/sessions/models.py and contrib/admin/views/decorators.py 
 - Import sha and change *md5* to *sha*
 - Change encoded_data[:-32], encoded_data[-32:] to encoded_data[:-40], encoded_data[-40:]

Suggestion: 
Add a SESSION_KEY_TYPE var to settings.py that allows the user to specify md5 or sha session keys.

"	enhancement	closed	Contrib apps		normal	invalid	modpython md5 session	nikl@…	Design decision needed	0	0	0	0	0	0