Home/ Questions/Q 9020961
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T05:08:42+00:00

I am having a problem with the session in play framework 1.2.4. When I

  • 0

I am having a problem with the session in play framework 1.2.4. When I add a SHA256-hash of a particular String (“testDude5”) to the session and retrieve it afterwards, the values are not the same. It doesn’t happen with other Strings like “testDude1”. Here is the sample code to reproduce the result. 

package controllers;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import play.mvc.Controller;


public class ExampleController extends Controller
{

    public static final String test1 = "testDude1";
    public static final String test2 = "testDude5";

    public static void set()
    {
        session.put("test1", getHash(test1));
        session.put("test2", getHash(test2));
    }

    public static void get()
    {
        String output = "";

        output += "Test 1 compare: ";
        output += session.get("test1").equals(getHash(test1)) ? "success" : "failed";
        output += "\n";

        output += "Test 2 compare: ";
        output += session.get("test2").equals(getHash(test2)) ? "success" : "failed";
        output += "\n";

        renderText(output);
    }

    /**
     * Generates the hash value for a password.
     * 
     * @param password
     * @return hash
     */
    public static String getHash(String password)
    {
        // Create an digest object
        MessageDigest md;

        try
        {
            // Try to get sha-265
            md = MessageDigest.getInstance("SHA-256");

            // Encrypt the password
            md.update(password.getBytes("UTF-8"));

            // Get the encrypted password
            byte[] digest = md.digest();

            // Convert byte array to String
            String str = new String(digest);

            // Return encrypted password
            return str;
        }
        catch (NoSuchAlgorithmException e)
        {
            e.printStackTrace();
        }
        catch (UnsupportedEncodingException e)
        {
            e.printStackTrace();
        }

        return null;
    }

}

I am totally puzzled by this. Does anyone have an idea whats going on there. Thanks for any advice.

Cheers

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The problem is in your getHash function. There is nothing wrong with play framework session.

    public static String getHash(String password) {
    ....
    // Get the encrypted password
    byte[] digest = md.digest();
    // Convert byte array to String
    String str = new String(digest); // DON'T do this with digest! 
    // The behavior is unspecified.

    According to Java API doc, this constructor “Constructs a new String by decoding the specified array of bytes using the platform’s default charset…The behavior of this constructor when the given bytes are not valid in the default charset is unspecified“. However your hash digest may contains something not valid in the default charset.

    Play framework provides a nice utility function Codec.byteToHeString() to transform digest in byte[] into hex string. This might be just what you need.

        // Codec resides in play.libs
    String str = Codec.byteToHexString(digest);
    • 0