payload is invalid for laravel_session decrypt



























I'm trying to decrypt laravel_session but the following error occurs:



An error has occurred: The payload is invalid.


Simply, I'm using Ratchet and I'm trying to call the authorized user, so I got the cookies in httpRequest using the following:



    public function onOpen(ConnectionInterface $conn) {
        $this->clients[$conn->resourceId] = new Client();
        $this->clients[$conn->resourceId]->conn = $conn;

        // Raw Cookie header(s) from the WebSocket handshake request
        $cookiesRaw = $conn->httpRequest->getHeader('Cookie');

        $cookies = [];
        if (count($cookiesRaw)) {
            $cookies = \GuzzleHttp\Psr7\parse_header($cookiesRaw)[0]; // Array of cookies
        }

        // Get the laravel's one
        $laravelCookie = $cookies[Config::get('session.cookie')];

        $idSession = Crypt::decrypt($laravelCookie);
        echo "\n cookie is ";
        print_r($idSession);
    }


The Crypt::decrypt($laravelCookie); is causing the error, I've tried to use:



    $cookie_contents = json_decode( base64_decode( $laravelCookie, true ));
    $value = base64_decode( $cookie_contents->value );
    $iv = base64_decode( $cookie_contents->iv );
    $clear = unserialize( openssl_decrypt($value, Config::get( 'app.cipher' ), Config::get( 'app.key' ), OPENSSL_RAW_DATA, $iv));
    echo "Cookie contents (Session ID): $value\n";


but it is also causing The payload is invalid.



How can I decrypt this laravel_session in order to get the user session id?



I want to get the Auth user via this session.



I've searched a lot on Stack Overflow and Google, but none of the cases matched mine.




Note: I'm using SESSION_DRIVER=file































  • use Session::getId()

    – adam
    Nov 19 '18 at 23:08











  • I assume this is some sort of websocket application since you are using Ratchet? I'm not sure if you need the session id or the authenticated user's information; in any case, what you could do is encrypt whatever user data you need, then send it through to your websocket (Ratchet) server.

    – adam
    Nov 19 '18 at 23:23











  • @adam Thank you! Now how can I get the user object using this session? I'm just trying to get the app user in the websocket using the back end, any suggestions?

    – shamaseen
    Nov 20 '18 at 11:10











  • Yes, you can get the user: instead of sending the session id through, send the user id. Then use User::find($userid); on your websocket server side.

    – adam
    Nov 20 '18 at 13:35











  • @adam but this will be vulnerable! I mean, if I sent the user id from the front end to the websocket, the user can manipulate his id and steal another user's identity! I believe the user id should be sent in the back end using sessions, am I wrong?

    – shamaseen
    Nov 20 '18 at 13:54
















laravel session ratchet














edited Nov 20 '18 at 11:16







shamaseen

















asked Nov 19 '18 at 22:55









shamaseen




















1 Answer














Laravel provides a way to grab your session id:



    use Illuminate\Support\Facades\Session;

    $sessionid = Session::getId();





answered Nov 19 '18 at 23:13

adam
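
The "payload is invalid" error from the question can be reproduced without the framework. The following is an added example, not code from the question or the answer: it assumes the envelope Laravel's encrypter produces (base64 of a JSON object holding `iv`, `value` and `mac`, AES-256-CBC with an HMAC-SHA256 over `iv . value`) and that the cookie value is URL-encoded in the `Cookie` header, so a value read from the raw header fails the payload check until it is URL-decoded. Function names, key and session ID are constructed for the example.

```php
<?php
// Added example: key, session ID and cookie are constructed, names are hypothetical.
const CIPHER = 'AES-256-CBC';

// Build a cookie in the assumed envelope: base64(json{iv, value, mac}).
function make_cookie(string $plain, string $key): string
{
    $iv    = random_bytes(openssl_cipher_iv_length(CIPHER));
    $value = openssl_encrypt($plain, CIPHER, $key, 0, $iv); // base64 ciphertext
    $iv    = base64_encode($iv);
    $mac   = hash_hmac('sha256', $iv . $value, $key);
    return base64_encode(json_encode(compact('iv', 'value', 'mac'), JSON_UNESCAPED_SLASHES));
}

// Validate the envelope, authenticate it, then decrypt.
function read_cookie(string $cookie, string $key): string
{
    $p  = json_decode((string) base64_decode($cookie), true);
    $ok = is_array($p) && isset($p['iv'], $p['value'], $p['mac'])
        && is_string($p['iv']) && is_string($p['value']) && is_string($p['mac'])
        && strlen((string) base64_decode($p['iv'], true)) === openssl_cipher_iv_length(CIPHER);
    if (!$ok) {
        throw new RuntimeException('The payload is invalid.');
    }
    // Constant-time MAC check before any decryption is attempted.
    if (!hash_equals(hash_hmac('sha256', $p['iv'] . $p['value'], $key), $p['mac'])) {
        throw new RuntimeException('The MAC is invalid.');
    }
    $plain = openssl_decrypt($p['value'], CIPHER, $key, 0, base64_decode($p['iv']));
    if ($plain === false) {
        throw new RuntimeException('Could not decrypt the data.');
    }
    return $plain;
}

function try_read(string $cookie, string $key): string
{
    try {
        return 'ok: ' . read_cookie($cookie, $key);
    } catch (RuntimeException $e) {
        return 'error: ' . $e->getMessage();
    }
}

$key       = random_bytes(32);            // stands in for the decoded APP_KEY
$sessionId = str_repeat('a1b2c3d4e5', 4); // constructed 40-character session ID
$header    = rawurlencode(make_cookie($sessionId, $key)); // value as sent in the Cookie header

echo try_read($header, $key), PHP_EOL;               // raw header value: padding is still "%3D"
echo try_read(rawurldecode($header), $key), PHP_EOL; // URL-decoded first
// One altered character must be rejected rather than decrypted.
$tampered     = rawurldecode($header);
$tampered[10] = $tampered[10] === 'A' ? 'B' : 'A';
echo try_read($tampered, $key), PHP_EOL;
```

The third call shows the envelope checks rejecting a cookie that was altered on the client side.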





























