PasswordHash.php Max Execution Problem

I’ve been getting this issue on and off on a site for years now, doesn’t ever seem to go away. I’ve upgraded the site via composer to 8.5.7 so its very current. This issue has come up before with no resolution: phpass PasswordHash timing out - concrete5

concrete/src/User/PasswordHash.php:319 Maximum execution time of 30 seconds exceeded

I have users who cannot log in and just receive this error. Any ideas?

1 Like

The previous issue you linked to has 5700 individual overrides showing in the environment info txt file!

Looks like this might be going away in v9. The PasswordHash.php file has been deprecated with the following comments:


  • @deprecated
  • IMPORTANT: This is a clone of hautelook/phpass –a portable password hashing framework. This used to be delivered
  • via composer, but the package disappeared from there. In version 9 and above this file is not needed, but given
  • 8.5.x’s latest in life nature, it’s easier for this to be copied as is into the core. Original file continues below:

I’ve actually had one user run into this on a concrete 8.5.6 site. We have upgraded them to 8.5.7 and do run into the same issue. The user does seem to be checking the ‘keep me logged in for 2 weeks’ checkbox and do this from multiple devices so I’m not sure that contributes to it and if your users are in the same scenario.

Clearing their cookies usually allows them to log in and thankfully they are getting by with that at the moment. In one case we did a screen share and I had them clear a single cookie (I believe it was ccmAuthUserHash set by Concrete\Core\User\PersistentAuthentication\CookieService) and that also then allowed them to log in normally

Thanks @triplei. We knew about clearing the cookie, unfortunately, this client has hundreds of users and most of them not technical, so we are facing a larger scale issue. Maybe we can patch the core to remove the cookies if we get close to timeout or something.