• laravel 5.5.39 升级到 5.5.45 出现 cookie 序列化异常问题的解决


    把项目里的 laravel 5.5.39 升级到 5.5.45 后,出现如下报错:

    ErrorException
    openssl_encrypt() expects parameter 1 to be string, array given
    vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php in handleError at line 91
    vendor/sentry/sentry/lib/Raven/Breadcrumbs/ErrorHandler.php in handleError at line 34
    vendor/sentry/sentry/lib/Raven/Breadcrumbs/ErrorHandler.php in openssl_encrypt
    vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php in encrypt at line 91
    vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php in encrypt at line 139
    vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php in handle at line 66
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php in IlluminatePipeline{closure} at line 149
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php in IlluminateRouting{closure} at line 53
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php in then at line 102
    vendor/laravel/framework/src/Illuminate/Routing/Router.php in runRouteWithinStack at line 660
    vendor/laravel/framework/src/Illuminate/Routing/Router.php in runRoute at line 635
    vendor/laravel/framework/src/Illuminate/Routing/Router.php in dispatchToRoute at line 601
    vendor/laravel/framework/src/Illuminate/Routing/Router.php in dispatch at line 590
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php in IlluminateFoundationHttp{closure} at line 176
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php in IlluminateRouting{closure} at line 30
    vendor/barryvdh/laravel-debugbar/src/Middleware/InjectDebugbar.php in handle at line 58
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php in IlluminatePipeline{closure} at line 149
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php in IlluminateRouting{closure} at line 53
    vendor/fideloper/proxy/src/TrustProxies.php in handle at line 56
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php in IlluminatePipeline{closure} at line 149
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php in IlluminateRouting{closure} at line 53
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php in handle at line 30
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php in IlluminatePipeline{closure} at line 149
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php in IlluminateRouting{closure} at line 53
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php in handle at line 30
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php in IlluminatePipeline{closure} at line 149
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php in IlluminateRouting{closure} at line 53
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php in handle at line 27
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php in IlluminatePipeline{closure} at line 149
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php in IlluminateRouting{closure} at line 53
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php in handle at line 46
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php in IlluminatePipeline{closure} at line 149
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php in IlluminateRouting{closure} at line 53
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php in then at line 102
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php in sendRequestThroughRouter at line 151
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php in handle at line 116
    public/index.php at line 55

    观察上面的堆栈记录,并且打断点排查,终于确定是由于 Cookie 序列化加密导致的问题。

    查阅 laravel 5.5 upgrade 官方文档,laravel 5.5.42 版开始为了防止 PHP 对象的序列化/反序列化漏洞被利用,不再对 Cookie 值进行自动的序列化和反序列化处理。

    举个栗子:

    Cookie::queue('user', ['id' => 1, 'name' => 'admin'], 720, '/')

    Laravel 更新到 v5.5.42 后,因为 Laravel 不再自动对 Cookie 值 ['id' => 1, 'name' => 'admin'] 进行序列化处理,而 openssl_encrypt ( string $data ... ) 只能加密字符串数据,这个时候程序就会抛出错误:openssl_encrypt() expects parameter 1 to be string, array given。

    解决方法:

    • 新版里面在中间件 AppHttpMiddlewareEncryptCookies 新增静态属性 $serialize,当设置为 true 时可开启 Cookie 值的自动序列化和反序列化处理。
    /**
     * Indicates if cookies should be serialized.
     *
     * @var bool
     */
    protected static $serialize = true;
    • 【推荐】将 Cookie 值使用 JSON 函数编码成字符串后再进行存储(获取 Cookie 值后需调用 json_decode 函数进行解码)。
    Cookie::queue('user', json_encode(['id' => 1, 'name' => 'admin']), 720, '/');

     

    首发于知乎专栏《PHP和Laravel学习》:https://zhuanlan.zhihu.com/p/60861964

  • 相关阅读:
    mybatis的xml文件中的CDATA的使用
    使用jedis执行lua脚本
    连接池中的maxIdle,MaxActive,maxWait等参数详解
    Unity3D脚本中文系列教程(十六)
    Unity3D脚本中文系列教程(十五)
    Unity3D脚本中文系列教程(十四)
    Unity3D脚本中文系列教程(十三)
    Unity3D脚本中文系列教程(十二)
    Unity3D脚本中文系列教程(十一)
    Unity3D脚本中文系列教程(十)
  • 原文地址:https://www.cnblogs.com/imzhi/p/laravel5-upgrade-cookie-serialize.html
Copyright © 2020-2023  润新知