12 June 2012, 16:05

Your PHP session.entropy_length setting is too small. Set it to at least 16 in your php.ini to ensure that generated session IDs are random and unpredictable enough.

Please Help

13 June 2012, 2:21

Hi there, thanks for using Mahara :)

This notice is only a warning that to let you know that you're not maximising your use of the mahara security features. Things will still work ok; this being low or unset does not stop things from working.

To set this, you need to edit your php.ini file to have a "session.entropy_length" setting with a number of 16 or higher.

If you are using windows, c:\windows\php.ini may be where the ini file is. I don't have windows, so I cannot double-check this.

If you are using linux, this may also, but is likely at /etc/php5/apache2/php.ini

If you cannot edit your php.ini, you can try using a .htaccess file. This page tells you how to set php configuration in a .htaccess file.

If you're on shared hosting, you may be unable to do any of this, and you will need to ask the support staff to help you. It is in their best interests to help you, as this makes your site more secure, and less likely to cause problems on their server.

But don't worry too much if you cannot resolve this; if you cannot, you can simply ignore the warning.

Hope this helps,
Melissa.

13 June 2012, 14:10

Thanks Melissa!!