In database table 'session' the field 'sess_id' should be set from varchar(32) to varchar(64).
I had moved my site to a newer OS with newer PHP version (> 5.4.x) which has the 'session.hash_function' set to 'sha256' per default (this seems to be true at least on opensuse 13.2).
This leads to session ids with more than 32 characters. Which can't be stored to table 'session'.
In this case you can't log on into your xoops site, except the rememberme checkbox is available and activated.
I checked the version 2.6.0 which also has 'sess_id' set to only 32.
Yes, the session code is showing its age. Looks like VARCHAR(128) would handle any of the currently possible hashes when used with the 4bit encoding option. The sess_ip, and related processing, isn't exactly IPV6 ready, either.
For 2.5.8, we'll update the sess_id column to handle the larger sizes. For now, the fixes for other potential issues will be directed at 2.6.
Thanks for reporting this!