ottdev

Well-Known Member
Oct 1, 2013
129
4
68
cPanel Access Level
Root Administrator
End of Feb 2016 this changed - is the length controlled by a setting or it's only being truncated in the log
Code:
# grep -m1  "2016-02.*NEW " session_log
[2016-02-01 01:59:12 -0500] info [cpsrvd] 1.2.3.4 NEW username:qcBosOuRuAGsuhOMTh_ls5E2IrROwx__YM_Bs9J972EP9ZaG7aNJFs2_0OOmoVT5 address=1.2.3.4,app=cpaneld,creator=username,method=handle_form_login,path=form,possessed=0

# grep -m1  "2017.*NEW " session_log
[2017-01-04 21:18:18 -0500] info [cpsrvd] 1.2.3.4 NEW root:nFYzl15pEU3egiBP address=1.2.3.4,app=whostmgrd,creator=root,method=handle_form_login,path=form,possessed=0
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

The session name referenced in the log should match what you see in the following directory:

/var/cpanel/sessions/raw/

It's not possible to modify how the session name is generated.

Thank you.
 

ottdev

Well-Known Member
Oct 1, 2013
129
4
68
cPanel Access Level
Root Administrator
Hello,

The session name referenced in the log should match what you see in the following directory:

/var/cpanel/sessions/raw/

It's not possible to modify how the session name is generated.

Thank you.
What controls the length ? They changed from 64 characters to 16 characters as of Feb 29/2016.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

Here's a quote from our UAPI documentation regarding a change to session management in cPanel version 54:

In earlier versions of cPanel & WHM, the system created temporary MySQL®/MariaDB users whenever a user logged in to cPanel via external session creation instead of password authentication. This caused high load and performance issues on systems with frequent logins.

As of cPanel & WHM version 54, the system no longer created temporary users for external session logins until a script or user accessed the phpMyAdmin feature or the backup functionality.
I believe this is the change you are noticing in the log output you provided.

Thank you.
 

ottdev

Well-Known Member
Oct 1, 2013
129
4
68
cPanel Access Level
Root Administrator
I am not asking about the frequency of logins (there may be less, I didn't notice) - I understand you mean when a user logged in, it also hooked them up for sql and backups even if they didn't go there. Now it waits until they actually use these functions - so instead of 3 logins, it only creates one initially.

I understand that - but why did the session length decrease from 64 characters to only 16 - wouldn't 64 charcters be more secure ?

NEW username:qcBosOuRuAGsuhOMTh_ls5E2IrROwx__YM_Bs9J972EP9ZaG7aNJFs2_0OOmoVT5
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

I don't see the specific case number that references the change, so it's possible that it was changed as part of the Security Tokens functionality included in a previous version. The session name you see in /usr/local/cpanel/logs/session_log doesn't include data that's usable in a web browser or through an external application for authentication. It's the name the corresponds to a file in the /var/cpanel/sessions/raw directory. Thus, it's not considered a security risk because it's not a value that can be used for access to cPanel/WHM/Webmail.

Here's an example of what you will see if you view the session file in the /var/cpanel/sessions/raw directory:

Code:
# cat root:wB0vfgw_V3Ttj0VF
ip_address=1.2.3.4
login_theme=cpanel
origin_as_string=address=1.2.3.4,app=whostmgrd,creator=root,method=handle_form_login,path=form,possessed=0
user=root
external_validation_token=2FXf0Qz5KF2eJH4C
original_ip_address=1.2.3.4
cp_security_token=/cpsess1234592347
successful_internal_auth_with_timestamp=1494261947
pass=2021757500b5754351234531603035673733383336683936383033626268385
tfa_verified=0
Notice that the actual security tokens are stored within the session file and do not correspond to the session name that appears in the session log. Thus, whether "wB0vfgw_V3Ttj0VF" in this example is 16-characters or 64-characters should not matter.

Thank you.