payload is invalid for laravel_session decrypt












1















I'm trying to decrypt laravel_session but the following error occur:



An error has occurred: The payload is invalid.


simply I'm using Rachet and I'm trying to call the authorized user, so I got the cookies in httpRequest using the following:



    public function onOpen(ConnectionInterface $conn) {



        $this->clients[$conn->resourceId] = new Client();

        $this->clients[$conn->resourceId]->conn = $conn;





        $cookiesRaw = $conn->httpRequest->getHeader('Cookie');



        $cookies = ;

        if(count($cookiesRaw))

        {

            $cookies = GuzzleHttpPsr7parse_header($cookiesRaw)[0]; // Array of cookies

        }



 // Get the laravel's one

        $laravelCookie = $cookies[Config::get('session.cookie')];



$idSession = Crypt::decrypt($laravelCookie);

        echo "n cookie is ";

        print_r($idSession);



}


The Crypt::decrypt($laravelCookie); is causing the error, I've tried to use:



    $cookie_contents = json_decode( base64_decode( $laravelCookie, true ));

    $value = base64_decode( $cookie_contents->value );

    $iv = base64_decode( $cookie_contents->iv );

    $clear = unserialize( openssl_decrypt($value, Config::get( 'app.cipher' ), Config::get( 'app.key' ), OPENSSL_RAW_DATA, $iv));

    echo "Cookie contents (Session ID): $valuen";


but it is also causing The payload is invalid.



How can I decrypt this laravel_session in order to get user session id !



I want to get the Auth user via this session.



I've searched a lot in stack-overflow and google, but all the cases didn't match mine.




Note: I'm using SESSION_DRIVER=file







laravel session ratchet







share|improve this question




















  • 1





    use Session::getId()

    – adam
    Nov 19 '18 at 23:08











  • I assume this is some sort of websocket application since you are using ratchet? I'm not sure if you need the session id, or the authenticated users information, in any case what you could do is encrypt whatever user data you need, then send it through to your websocket(ratchet) server.

    – adam
    Nov 19 '18 at 23:23











  • @adam Thank you !, now how can i get the user object using this session ? Am just trying to get the app user in webscoket using back end, any suggestion ?

    – shamaseen
    Nov 20 '18 at 11:10











  • Yes you can get the user, instead of sending the session id through, send the user id. Then use User::find($userid); on your websocket server side.

    – adam
    Nov 20 '18 at 13:35











  • @adam but this will be vulnerable !, I mean if i sent the user id from the front-end to websocket, the user can manipulate his id and steal another user identity ! i believe user id should be sent in back end using sessions, am i wrong ?

    – shamaseen
    Nov 20 '18 at 13:54
















1















I'm trying to decrypt laravel_session but the following error occur:



An error has occurred: The payload is invalid.


simply I'm using Rachet and I'm trying to call the authorized user, so I got the cookies in httpRequest using the following:



    public function onOpen(ConnectionInterface $conn) {



        $this->clients[$conn->resourceId] = new Client();

        $this->clients[$conn->resourceId]->conn = $conn;





        $cookiesRaw = $conn->httpRequest->getHeader('Cookie');



        $cookies = ;

        if(count($cookiesRaw))

        {

            $cookies = GuzzleHttpPsr7parse_header($cookiesRaw)[0]; // Array of cookies

        }



 // Get the laravel's one

        $laravelCookie = $cookies[Config::get('session.cookie')];



$idSession = Crypt::decrypt($laravelCookie);

        echo "n cookie is ";

        print_r($idSession);



}


The Crypt::decrypt($laravelCookie); is causing the error, I've tried to use:



    $cookie_contents = json_decode( base64_decode( $laravelCookie, true ));

    $value = base64_decode( $cookie_contents->value );

    $iv = base64_decode( $cookie_contents->iv );

    $clear = unserialize( openssl_decrypt($value, Config::get( 'app.cipher' ), Config::get( 'app.key' ), OPENSSL_RAW_DATA, $iv));

    echo "Cookie contents (Session ID): $valuen";


but it is also causing The payload is invalid.



How can I decrypt this laravel_session in order to get user session id !



I want to get the Auth user via this session.



I've searched a lot in stack-overflow and google, but all the cases didn't match mine.




Note: I'm using SESSION_DRIVER=file







laravel session ratchet







share|improve this question




















  • 1





    use Session::getId()

    – adam
    Nov 19 '18 at 23:08











  • I assume this is some sort of websocket application since you are using ratchet? I'm not sure if you need the session id, or the authenticated users information, in any case what you could do is encrypt whatever user data you need, then send it through to your websocket(ratchet) server.

    – adam
    Nov 19 '18 at 23:23











  • @adam Thank you !, now how can i get the user object using this session ? Am just trying to get the app user in webscoket using back end, any suggestion ?

    – shamaseen
    Nov 20 '18 at 11:10











  • Yes you can get the user, instead of sending the session id through, send the user id. Then use User::find($userid); on your websocket server side.

    – adam
    Nov 20 '18 at 13:35











  • @adam but this will be vulnerable !, I mean if i sent the user id from the front-end to websocket, the user can manipulate his id and steal another user identity ! i believe user id should be sent in back end using sessions, am i wrong ?

    – shamaseen
    Nov 20 '18 at 13:54














1












1








1








I'm trying to decrypt laravel_session but the following error occur:



An error has occurred: The payload is invalid.


simply I'm using Rachet and I'm trying to call the authorized user, so I got the cookies in httpRequest using the following:



    public function onOpen(ConnectionInterface $conn) {



        $this->clients[$conn->resourceId] = new Client();

        $this->clients[$conn->resourceId]->conn = $conn;





        $cookiesRaw = $conn->httpRequest->getHeader('Cookie');



        $cookies = ;

        if(count($cookiesRaw))

        {

            $cookies = GuzzleHttpPsr7parse_header($cookiesRaw)[0]; // Array of cookies

        }



 // Get the laravel's one

        $laravelCookie = $cookies[Config::get('session.cookie')];



$idSession = Crypt::decrypt($laravelCookie);

        echo "n cookie is ";

        print_r($idSession);



}


The Crypt::decrypt($laravelCookie); is causing the error, I've tried to use:



    $cookie_contents = json_decode( base64_decode( $laravelCookie, true ));

    $value = base64_decode( $cookie_contents->value );

    $iv = base64_decode( $cookie_contents->iv );

    $clear = unserialize( openssl_decrypt($value, Config::get( 'app.cipher' ), Config::get( 'app.key' ), OPENSSL_RAW_DATA, $iv));

    echo "Cookie contents (Session ID): $valuen";


but it is also causing The payload is invalid.



How can I decrypt this laravel_session in order to get user session id !



I want to get the Auth user via this session.



I've searched a lot in stack-overflow and google, but all the cases didn't match mine.




Note: I'm using SESSION_DRIVER=file







laravel session ratchet







share|improve this question
















I'm trying to decrypt laravel_session but the following error occur:



An error has occurred: The payload is invalid.


simply I'm using Rachet and I'm trying to call the authorized user, so I got the cookies in httpRequest using the following:



    public function onOpen(ConnectionInterface $conn) {



        $this->clients[$conn->resourceId] = new Client();

        $this->clients[$conn->resourceId]->conn = $conn;





        $cookiesRaw = $conn->httpRequest->getHeader('Cookie');



        $cookies = ;

        if(count($cookiesRaw))

        {

            $cookies = GuzzleHttpPsr7parse_header($cookiesRaw)[0]; // Array of cookies

        }



 // Get the laravel's one

        $laravelCookie = $cookies[Config::get('session.cookie')];



$idSession = Crypt::decrypt($laravelCookie);

        echo "n cookie is ";

        print_r($idSession);



}


The Crypt::decrypt($laravelCookie); is causing the error, I've tried to use:



    $cookie_contents = json_decode( base64_decode( $laravelCookie, true ));

    $value = base64_decode( $cookie_contents->value );

    $iv = base64_decode( $cookie_contents->iv );

    $clear = unserialize( openssl_decrypt($value, Config::get( 'app.cipher' ), Config::get( 'app.key' ), OPENSSL_RAW_DATA, $iv));

    echo "Cookie contents (Session ID): $valuen";


but it is also causing The payload is invalid.



How can I decrypt this laravel_session in order to get user session id !



I want to get the Auth user via this session.



I've searched a lot in stack-overflow and google, but all the cases didn't match mine.




Note: I'm using SESSION_DRIVER=file







laravel session ratchet




laravel session ratchet






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 20 '18 at 11:16







shamaseen

















asked Nov 19 '18 at 22:55









shamaseenshamaseen

176114




176114








  • 1





    use Session::getId()

    – adam
    Nov 19 '18 at 23:08











  • I assume this is some sort of websocket application since you are using ratchet? I'm not sure if you need the session id, or the authenticated users information, in any case what you could do is encrypt whatever user data you need, then send it through to your websocket(ratchet) server.

    – adam
    Nov 19 '18 at 23:23











  • @adam Thank you !, now how can i get the user object using this session ? Am just trying to get the app user in webscoket using back end, any suggestion ?

    – shamaseen
    Nov 20 '18 at 11:10











  • Yes you can get the user, instead of sending the session id through, send the user id. Then use User::find($userid); on your websocket server side.

    – adam
    Nov 20 '18 at 13:35











  • @adam but this will be vulnerable !, I mean if i sent the user id from the front-end to websocket, the user can manipulate his id and steal another user identity ! i believe user id should be sent in back end using sessions, am i wrong ?

    – shamaseen
    Nov 20 '18 at 13:54














  • 1





    use Session::getId()

    – adam
    Nov 19 '18 at 23:08











  • I assume this is some sort of websocket application since you are using ratchet? I'm not sure if you need the session id, or the authenticated users information, in any case what you could do is encrypt whatever user data you need, then send it through to your websocket(ratchet) server.

    – adam
    Nov 19 '18 at 23:23











  • @adam Thank you !, now how can i get the user object using this session ? Am just trying to get the app user in webscoket using back end, any suggestion ?

    – shamaseen
    Nov 20 '18 at 11:10











  • Yes you can get the user, instead of sending the session id through, send the user id. Then use User::find($userid); on your websocket server side.

    – adam
    Nov 20 '18 at 13:35











  • @adam but this will be vulnerable !, I mean if i sent the user id from the front-end to websocket, the user can manipulate his id and steal another user identity ! i believe user id should be sent in back end using sessions, am i wrong ?

    – shamaseen
    Nov 20 '18 at 13:54








1




1





use Session::getId()

– adam
Nov 19 '18 at 23:08





use Session::getId()

– adam
Nov 19 '18 at 23:08













I assume this is some sort of websocket application since you are using ratchet? I'm not sure if you need the session id, or the authenticated users information, in any case what you could do is encrypt whatever user data you need, then send it through to your websocket(ratchet) server.

– adam
Nov 19 '18 at 23:23





I assume this is some sort of websocket application since you are using ratchet? I'm not sure if you need the session id, or the authenticated users information, in any case what you could do is encrypt whatever user data you need, then send it through to your websocket(ratchet) server.

– adam
Nov 19 '18 at 23:23













@adam Thank you !, now how can i get the user object using this session ? Am just trying to get the app user in webscoket using back end, any suggestion ?

– shamaseen
Nov 20 '18 at 11:10





@adam Thank you !, now how can i get the user object using this session ? Am just trying to get the app user in webscoket using back end, any suggestion ?

– shamaseen
Nov 20 '18 at 11:10













Yes you can get the user, instead of sending the session id through, send the user id. Then use User::find($userid); on your websocket server side.

– adam
Nov 20 '18 at 13:35





Yes you can get the user, instead of sending the session id through, send the user id. Then use User::find($userid); on your websocket server side.

– adam
Nov 20 '18 at 13:35













@adam but this will be vulnerable !, I mean if i sent the user id from the front-end to websocket, the user can manipulate his id and steal another user identity ! i believe user id should be sent in back end using sessions, am i wrong ?

– shamaseen
Nov 20 '18 at 13:54





@adam but this will be vulnerable !, I mean if i sent the user id from the front-end to websocket, the user can manipulate his id and steal another user identity ! i believe user id should be sent in back end using sessions, am i wrong ?

– shamaseen
Nov 20 '18 at 13:54












1 Answer
1






active

oldest

votes


















1














Laravel provides a way to grab your session id:



use IlluminateSupportFacadesSession;



$sessionid = Session::getId();





share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53383821%2fpayload-is-invalid-for-laravel-session-decrypt%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    Laravel provides a way to grab your session id:



    use IlluminateSupportFacadesSession;
    

    
$sessionid = Session::getId();





    share|improve this answer




























      1














      Laravel provides a way to grab your session id:



      use IlluminateSupportFacadesSession;
      

      
$sessionid = Session::getId();





      share|improve this answer


























        1












        1








        1







        Laravel provides a way to grab your session id:



        use IlluminateSupportFacadesSession;
        

        
$sessionid = Session::getId();





        share|improve this answer













        Laravel provides a way to grab your session id:



        use IlluminateSupportFacadesSession;
        

        
$sessionid = Session::getId();






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 19 '18 at 23:13









        adamadam

        917811




        917811






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53383821%2fpayload-is-invalid-for-laravel-session-decrypt%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            android studio warns about leanback feature tag usage required on manifest while using Unity exported app?

            Image
            .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 This is a simple project showing cubes on Unity, exported to android project and imported on Android studio. On maifest file it showed following warning: Expecting <uses-feature android:name="android.software.leanback" android:required="false" /> tag I have no information about it. And also on default emptyview android project does not use/mention this feature. I know it is required by TV's and such but why its not added by default? Why is this? And Should I concern about it? android unity3d
            Read more

            SQL update select statement

            Image
            0 I'm trying to update an entry in my database (postgresql). I'm having a problem with updating the query: INSERT INTO prices (price, product_id) SELECT product_price, commn_id FROM products_temp as prod WHERE NOT EXISTS (SELECT * FROM prices od WHERE prod.commn_id = od.product_id) OR prod.product_price != ( SELECT price FROM prices as p WHERE p.product_id = prod.commn_id order by p.end desc LIMIT 1 ) Query works fine when i delete: OR prod.product_price != ( SELECT price FROM prices as p WHERE p.product_id = prod.commn_id order by p.end desc LIMIT 1 ) So it seems to me that it's looping through this operation. My question is, how can I fix it? sql postgresql
            Read more

            'app-layout' is not a known element: how to share Component with different Modules

            Image
            0 My application was working fine until I decided to go with lazy loading: So, my shared component looks like this: import { Component, Renderer2 } from '@angular/core'; export interface FormModel { captcha?: string; } @Component({ selector: 'app-layout', templateUrl: './app-layout.component.html', styleUrls: ['./app-layout.css'] }) export class FullLayoutComponent { } app-layout.component.ts I am using this component in my Another component say school-home.component.html like this: <app-layout> </app-layout> and it was working fine until I created a Module school-home.module.ts like this: import { NgModule } from '@angular/core'; import { CommonModule } from '@angular/common'; import { SchoolhomeRoutingModule
            Read more