payload is invalid for laravel_session decrypt












1















I'm trying to decrypt laravel_session but the following error occur:



An error has occurred: The payload is invalid.


simply I'm using Rachet and I'm trying to call the authorized user, so I got the cookies in httpRequest using the following:



    public function onOpen(ConnectionInterface $conn) {

$this->clients[$conn->resourceId] = new Client();
$this->clients[$conn->resourceId]->conn = $conn;


$cookiesRaw = $conn->httpRequest->getHeader('Cookie');

$cookies = ;
if(count($cookiesRaw))
{
$cookies = GuzzleHttpPsr7parse_header($cookiesRaw)[0]; // Array of cookies
}

// Get the laravel's one
$laravelCookie = $cookies[Config::get('session.cookie')];

$idSession = Crypt::decrypt($laravelCookie);
echo "n cookie is ";
print_r($idSession);

}


The Crypt::decrypt($laravelCookie); is causing the error, I've tried to use:



    $cookie_contents = json_decode( base64_decode( $laravelCookie, true ));
$value = base64_decode( $cookie_contents->value );
$iv = base64_decode( $cookie_contents->iv );
$clear = unserialize( openssl_decrypt($value, Config::get( 'app.cipher' ), Config::get( 'app.key' ), OPENSSL_RAW_DATA, $iv));
echo "Cookie contents (Session ID): $valuen";


but it is also causing The payload is invalid.



How can I decrypt this laravel_session in order to get user session id !



I want to get the Auth user via this session.



I've searched a lot in stack-overflow and google, but all the cases didn't match mine.




Note: I'm using SESSION_DRIVER=file











share|improve this question




















  • 1





    use Session::getId()

    – adam
    Nov 19 '18 at 23:08











  • I assume this is some sort of websocket application since you are using ratchet? I'm not sure if you need the session id, or the authenticated users information, in any case what you could do is encrypt whatever user data you need, then send it through to your websocket(ratchet) server.

    – adam
    Nov 19 '18 at 23:23











  • @adam Thank you !, now how can i get the user object using this session ? Am just trying to get the app user in webscoket using back end, any suggestion ?

    – shamaseen
    Nov 20 '18 at 11:10











  • Yes you can get the user, instead of sending the session id through, send the user id. Then use User::find($userid); on your websocket server side.

    – adam
    Nov 20 '18 at 13:35











  • @adam but this will be vulnerable !, I mean if i sent the user id from the front-end to websocket, the user can manipulate his id and steal another user identity ! i believe user id should be sent in back end using sessions, am i wrong ?

    – shamaseen
    Nov 20 '18 at 13:54
















1















I'm trying to decrypt laravel_session but the following error occur:



An error has occurred: The payload is invalid.


simply I'm using Rachet and I'm trying to call the authorized user, so I got the cookies in httpRequest using the following:



    public function onOpen(ConnectionInterface $conn) {

$this->clients[$conn->resourceId] = new Client();
$this->clients[$conn->resourceId]->conn = $conn;


$cookiesRaw = $conn->httpRequest->getHeader('Cookie');

$cookies = ;
if(count($cookiesRaw))
{
$cookies = GuzzleHttpPsr7parse_header($cookiesRaw)[0]; // Array of cookies
}

// Get the laravel's one
$laravelCookie = $cookies[Config::get('session.cookie')];

$idSession = Crypt::decrypt($laravelCookie);
echo "n cookie is ";
print_r($idSession);

}


The Crypt::decrypt($laravelCookie); is causing the error, I've tried to use:



    $cookie_contents = json_decode( base64_decode( $laravelCookie, true ));
$value = base64_decode( $cookie_contents->value );
$iv = base64_decode( $cookie_contents->iv );
$clear = unserialize( openssl_decrypt($value, Config::get( 'app.cipher' ), Config::get( 'app.key' ), OPENSSL_RAW_DATA, $iv));
echo "Cookie contents (Session ID): $valuen";


but it is also causing The payload is invalid.



How can I decrypt this laravel_session in order to get user session id !



I want to get the Auth user via this session.



I've searched a lot in stack-overflow and google, but all the cases didn't match mine.




Note: I'm using SESSION_DRIVER=file











share|improve this question




















  • 1





    use Session::getId()

    – adam
    Nov 19 '18 at 23:08











  • I assume this is some sort of websocket application since you are using ratchet? I'm not sure if you need the session id, or the authenticated users information, in any case what you could do is encrypt whatever user data you need, then send it through to your websocket(ratchet) server.

    – adam
    Nov 19 '18 at 23:23











  • @adam Thank you !, now how can i get the user object using this session ? Am just trying to get the app user in webscoket using back end, any suggestion ?

    – shamaseen
    Nov 20 '18 at 11:10











  • Yes you can get the user, instead of sending the session id through, send the user id. Then use User::find($userid); on your websocket server side.

    – adam
    Nov 20 '18 at 13:35











  • @adam but this will be vulnerable !, I mean if i sent the user id from the front-end to websocket, the user can manipulate his id and steal another user identity ! i believe user id should be sent in back end using sessions, am i wrong ?

    – shamaseen
    Nov 20 '18 at 13:54














1












1








1








I'm trying to decrypt laravel_session but the following error occur:



An error has occurred: The payload is invalid.


simply I'm using Rachet and I'm trying to call the authorized user, so I got the cookies in httpRequest using the following:



    public function onOpen(ConnectionInterface $conn) {

$this->clients[$conn->resourceId] = new Client();
$this->clients[$conn->resourceId]->conn = $conn;


$cookiesRaw = $conn->httpRequest->getHeader('Cookie');

$cookies = ;
if(count($cookiesRaw))
{
$cookies = GuzzleHttpPsr7parse_header($cookiesRaw)[0]; // Array of cookies
}

// Get the laravel's one
$laravelCookie = $cookies[Config::get('session.cookie')];

$idSession = Crypt::decrypt($laravelCookie);
echo "n cookie is ";
print_r($idSession);

}


The Crypt::decrypt($laravelCookie); is causing the error, I've tried to use:



    $cookie_contents = json_decode( base64_decode( $laravelCookie, true ));
$value = base64_decode( $cookie_contents->value );
$iv = base64_decode( $cookie_contents->iv );
$clear = unserialize( openssl_decrypt($value, Config::get( 'app.cipher' ), Config::get( 'app.key' ), OPENSSL_RAW_DATA, $iv));
echo "Cookie contents (Session ID): $valuen";


but it is also causing The payload is invalid.



How can I decrypt this laravel_session in order to get user session id !



I want to get the Auth user via this session.



I've searched a lot in stack-overflow and google, but all the cases didn't match mine.




Note: I'm using SESSION_DRIVER=file











share|improve this question
















I'm trying to decrypt laravel_session but the following error occur:



An error has occurred: The payload is invalid.


simply I'm using Rachet and I'm trying to call the authorized user, so I got the cookies in httpRequest using the following:



    public function onOpen(ConnectionInterface $conn) {

$this->clients[$conn->resourceId] = new Client();
$this->clients[$conn->resourceId]->conn = $conn;


$cookiesRaw = $conn->httpRequest->getHeader('Cookie');

$cookies = ;
if(count($cookiesRaw))
{
$cookies = GuzzleHttpPsr7parse_header($cookiesRaw)[0]; // Array of cookies
}

// Get the laravel's one
$laravelCookie = $cookies[Config::get('session.cookie')];

$idSession = Crypt::decrypt($laravelCookie);
echo "n cookie is ";
print_r($idSession);

}


The Crypt::decrypt($laravelCookie); is causing the error, I've tried to use:



    $cookie_contents = json_decode( base64_decode( $laravelCookie, true ));
$value = base64_decode( $cookie_contents->value );
$iv = base64_decode( $cookie_contents->iv );
$clear = unserialize( openssl_decrypt($value, Config::get( 'app.cipher' ), Config::get( 'app.key' ), OPENSSL_RAW_DATA, $iv));
echo "Cookie contents (Session ID): $valuen";


but it is also causing The payload is invalid.



How can I decrypt this laravel_session in order to get user session id !



I want to get the Auth user via this session.



I've searched a lot in stack-overflow and google, but all the cases didn't match mine.




Note: I'm using SESSION_DRIVER=file








laravel session ratchet






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 20 '18 at 11:16







shamaseen

















asked Nov 19 '18 at 22:55









shamaseenshamaseen

176114




176114








  • 1





    use Session::getId()

    – adam
    Nov 19 '18 at 23:08











  • I assume this is some sort of websocket application since you are using ratchet? I'm not sure if you need the session id, or the authenticated users information, in any case what you could do is encrypt whatever user data you need, then send it through to your websocket(ratchet) server.

    – adam
    Nov 19 '18 at 23:23











  • @adam Thank you !, now how can i get the user object using this session ? Am just trying to get the app user in webscoket using back end, any suggestion ?

    – shamaseen
    Nov 20 '18 at 11:10











  • Yes you can get the user, instead of sending the session id through, send the user id. Then use User::find($userid); on your websocket server side.

    – adam
    Nov 20 '18 at 13:35











  • @adam but this will be vulnerable !, I mean if i sent the user id from the front-end to websocket, the user can manipulate his id and steal another user identity ! i believe user id should be sent in back end using sessions, am i wrong ?

    – shamaseen
    Nov 20 '18 at 13:54














  • 1





    use Session::getId()

    – adam
    Nov 19 '18 at 23:08











  • I assume this is some sort of websocket application since you are using ratchet? I'm not sure if you need the session id, or the authenticated users information, in any case what you could do is encrypt whatever user data you need, then send it through to your websocket(ratchet) server.

    – adam
    Nov 19 '18 at 23:23











  • @adam Thank you !, now how can i get the user object using this session ? Am just trying to get the app user in webscoket using back end, any suggestion ?

    – shamaseen
    Nov 20 '18 at 11:10











  • Yes you can get the user, instead of sending the session id through, send the user id. Then use User::find($userid); on your websocket server side.

    – adam
    Nov 20 '18 at 13:35











  • @adam but this will be vulnerable !, I mean if i sent the user id from the front-end to websocket, the user can manipulate his id and steal another user identity ! i believe user id should be sent in back end using sessions, am i wrong ?

    – shamaseen
    Nov 20 '18 at 13:54








1




1





use Session::getId()

– adam
Nov 19 '18 at 23:08





use Session::getId()

– adam
Nov 19 '18 at 23:08













I assume this is some sort of websocket application since you are using ratchet? I'm not sure if you need the session id, or the authenticated users information, in any case what you could do is encrypt whatever user data you need, then send it through to your websocket(ratchet) server.

– adam
Nov 19 '18 at 23:23





I assume this is some sort of websocket application since you are using ratchet? I'm not sure if you need the session id, or the authenticated users information, in any case what you could do is encrypt whatever user data you need, then send it through to your websocket(ratchet) server.

– adam
Nov 19 '18 at 23:23













@adam Thank you !, now how can i get the user object using this session ? Am just trying to get the app user in webscoket using back end, any suggestion ?

– shamaseen
Nov 20 '18 at 11:10





@adam Thank you !, now how can i get the user object using this session ? Am just trying to get the app user in webscoket using back end, any suggestion ?

– shamaseen
Nov 20 '18 at 11:10













Yes you can get the user, instead of sending the session id through, send the user id. Then use User::find($userid); on your websocket server side.

– adam
Nov 20 '18 at 13:35





Yes you can get the user, instead of sending the session id through, send the user id. Then use User::find($userid); on your websocket server side.

– adam
Nov 20 '18 at 13:35













@adam but this will be vulnerable !, I mean if i sent the user id from the front-end to websocket, the user can manipulate his id and steal another user identity ! i believe user id should be sent in back end using sessions, am i wrong ?

– shamaseen
Nov 20 '18 at 13:54





@adam but this will be vulnerable !, I mean if i sent the user id from the front-end to websocket, the user can manipulate his id and steal another user identity ! i believe user id should be sent in back end using sessions, am i wrong ?

– shamaseen
Nov 20 '18 at 13:54












1 Answer
1






active

oldest

votes


















1














Laravel provides a way to grab your session id:



use IlluminateSupportFacadesSession;

$sessionid = Session::getId();





share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53383821%2fpayload-is-invalid-for-laravel-session-decrypt%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    Laravel provides a way to grab your session id:



    use IlluminateSupportFacadesSession;

    $sessionid = Session::getId();





    share|improve this answer




























      1














      Laravel provides a way to grab your session id:



      use IlluminateSupportFacadesSession;

      $sessionid = Session::getId();





      share|improve this answer


























        1












        1








        1







        Laravel provides a way to grab your session id:



        use IlluminateSupportFacadesSession;

        $sessionid = Session::getId();





        share|improve this answer













        Laravel provides a way to grab your session id:



        use IlluminateSupportFacadesSession;

        $sessionid = Session::getId();






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 19 '18 at 23:13









        adamadam

        917811




        917811






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53383821%2fpayload-is-invalid-for-laravel-session-decrypt%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            'app-layout' is not a known element: how to share Component with different Modules

            android studio warns about leanback feature tag usage required on manifest while using Unity exported app?

            WPF add header to Image with URL pettitions [duplicate]