5.6.31 : Exception after upgrade (encrypted cookie related) #25160

bmichotte · 2018-08-09T11:51:41Z

Laravel Version: 5.6.31
PHP Version: 7.1.17 & 7.2.6
Database Driver & Version: PostgreSQL 9.6.7 & 10.4

Description:

After upgrade to 5.6.31, I receive the following exception

SQLSTATE[22P02]: Invalid text representation: 7 ERROR:  invalid input syntax for integer: "s:123:"1" (SQL: select * from "users" where "id" = s:123:"1 limit 1) (View: resources/views/main.blade.php) (View: resources/views/main.blade.php) {"exception":"[object] (ErrorException(code: 0): SQLSTATE[22P02]: Invalid text representation: 7 ERROR:  invalid input syntax for integer: \"s:123:\"1\" (SQL: select * from \"users\" where \"id\" = s:123:\"1 limit 1) (View: resources/views/main.blade.php) (View: resources/views/main.blade.php) at vendor/laravel/framework/src/Illuminate/Database/Connection.php:664, ErrorException(code: 0): SQLSTATE[22P02]: Invalid text representation: 7 ERROR:  invalid input syntax for integer: \"s:123:\"1\" (SQL: select * from \"users\" where \"id\" = s:123:\"1 limit 1) (View: resources/views/main.blade.php) at vendor/laravel/framework/src/Illuminate/Database/Connection.php:664, Illuminate\\Database\\QueryException(code: 22P02): SQLSTATE[22P02]: Invalid text representation: 7 ERROR:  invalid input syntax for integer: \"s:123:\"1\" (SQL: select * from \"users\" where \"id\" = s:123:\"1 limit 1) at vendor/laravel/framework/src/Illuminate/Database/Connection.php:664, Doctrine\\DBAL\\Driver\\PDOException(code: 22P02): SQLSTATE[22P02]: Invalid text representation: 7 ERROR:  invalid input syntax for integer: \"s:123:\"1\" at vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOStatement.php:144, PDOException(code: 22P02): SQLSTATE[22P02]: Invalid text representation: 7 ERROR:  invalid input syntax for integer: \"s:123:\"1\" at vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOStatement.php:142)
[stacktrace]
#0 vendor/laravel/framework/src/Illuminate/View/Engines/PhpEngine.php(45): Illuminate\\View\\Engines\\CompilerEngine->handleViewException(Object(ErrorException), 1)
#1 vendor/laravel/framework/src/Illuminate/View/Engines/CompilerEngine.php(59): Illuminate\\View\\Engines\\PhpEngine->evaluatePath('/Volumes/sd128/...', Array)
#2 vendor/laravel/framework/src/Illuminate/View/View.php(142): Illuminate\\View\\Engines\\CompilerEngine->get('/Volumes/sd128/...', Array)
#3 vendor/laravel/framework/src/Illuminate/View/View.php(125): Illuminate\\View\\View->getContents()
#4 vendor/laravel/framework/src/Illuminate/View/View.php(90): Illuminate\\View\\View->renderContents()
#5 vendor/laravel/framework/src/Illuminate/Http/Response.php(42): Illuminate\\View\\View->render()
#6 vendor/symfony/http-foundation/Response.php(202): Illuminate\\Http\\Response->setContent(Object(Illuminate\\View\\View))
#7 vendor/laravel/framework/src/Illuminate/Routing/Router.php(733): Symfony\\Component\\HttpFoundation\\Response->__construct(Object(Illuminate\\View\\View))
#8 vendor/laravel/framework/src/Illuminate/Routing/Router.php(705): Illuminate\\Routing\\Router::toResponse(Object(Illuminate\\Http\\Request), Object(Illuminate\\View\\View))
#9 vendor/laravel/framework/src/Illuminate/Routing/Router.php(665): Illuminate\\Routing\\Router->prepareResponse(Object(Illuminate\\Http\\Request), Object(Illuminate\\View\\View))
#10 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30): Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#11 vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(41): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#12 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Routing\\Middleware\\SubstituteBindings->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#13 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#14 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(68): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#15 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#16 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#17 vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#18 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#19 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#20 app/Http/Middleware/Language.php(28): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#21 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): App\\Http\\Middleware\\Language->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#22 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#23 vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(63): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#24 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Session\\Middleware\\StartSession->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#25 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#26 vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#27 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#28 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#29 vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(66): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#30 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#31 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#32 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(104): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#33 vendor/laravel/framework/src/Illuminate/Routing/Router.php(667): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#34 vendor/laravel/framework/src/Illuminate/Routing/Router.php(642): Illuminate\\Routing\\Router->runRouteWithinStack(Object(Illuminate\\Routing\\Route), Object(Illuminate\\Http\\Request))
#35 vendor/laravel/framework/src/Illuminate/Routing/Router.php(608): Illuminate\\Routing\\Router->runRoute(Object(Illuminate\\Http\\Request), Object(Illuminate\\Routing\\Route))
#36 vendor/laravel/framework/src/Illuminate/Routing/Router.php(597): Illuminate\\Routing\\Router->dispatchToRoute(Object(Illuminate\\Http\\Request))
#37 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(176): Illuminate\\Routing\\Router->dispatch(Object(Illuminate\\Http\\Request))
#38 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}(Object(Illuminate\\Http\\Request))
#39 vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#40 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Fideloper\\Proxy\\TrustProxies->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#41 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#42 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(31): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#43 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#44 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#45 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(31): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#46 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#47 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#48 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#49 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#50 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#51 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(62): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#52 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#53 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#54 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(104): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#55 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(151): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#56 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(116): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter(Object(Illuminate\\Http\\Request))
#57 public/index.php(55): Illuminate\\Foundation\\Http\\Kernel->handle(Object(Illuminate\\Http\\Request))
#58 /Users/benjamin/.composer/vendor/laravel/valet/server.php(147): require('/Volumes/sd128/...')
#59 {main}
"}

Steps To Reproduce:

The error is thrown from a blade template from @auth

As a workaround I surrounded the call

$model = $model->where($model->getAuthIdentifierName(), $identifier)->first();

on Illuminate\Auth\EloquentUserProvider.php line 66 with a try/catch

The text was updated successfully, but these errors were encountered:

staudenmeir · 2018-08-09T12:35:34Z

Did the cookie already exist before the upgrade?

bmichotte · 2018-08-09T12:37:00Z

For all already logged users, yes

LukeTowers · 2018-08-09T13:46:26Z

a2c54e6...c5dc9c8, affecting 5.5.42 as well, see octobercms/october#3681 (probably same issue)

bmichotte · 2018-08-09T13:50:20Z

From https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30

Disabling serialization on all cookie values will invalidate all of your application's sessions and users will need to log into the application again.

But it's not invalidating them...

staudenmeir · 2018-08-09T14:00:59Z

What session provider are you using?

I'm trying to reproduce this, but the invalidation of legacy cookies works for me.

When Laravel decrypts my session cookie, it receives the serialized session id (e.g. s:40:"GqeMDAP24IlaCTaLpPWjEgLl6AwuoN8NoZu48pvu";). Since there is no session with this id, Laravel doesn't authenticate the user.

Somehow, your application receives the serialized user id from the session. It then fails because PostgreSQL is strict about data types. MySQL would just return an empty query result.

bmichotte · 2018-08-09T14:12:05Z

@staudenmeir I'm using the file driver

staudenmeir · 2018-08-09T14:20:15Z

Are you using encrypted sessions (config.session.encrypt)?

bmichotte · 2018-08-09T14:20:52Z

No

staudenmeir · 2018-08-09T15:06:40Z

Do you have a legacy cookie you can use for debugging?

bmichotte · 2018-08-10T06:22:17Z

@staudenmeir, yes I do

eyJpdiI6IklLTElIR0p0Mm1aOTZKZU90SlRoWVE9PSIsInZhbHVlIjoiZFAwWHhoNER4VStOZFFWeStqS3RQd0dWckxhT1R2eXJFaDJWV1A3T2prT1hsREdXZkdXWjlQUUQrM3JUcm5XUWlGM0FBVGdXWmN3T083M1JTYkxLRWZodWhRZERhYmVSem1JaHZrQThsUFpVdXdyNXB5MjVwVW9uSzRmWlNrZUQrcjI0M0xaTWZOOWQwUU5cL1p1dFwvNWljMzdGQ3lGRVhHenhTRlhEcXlLZHE4T2pLUnRQQ1diQmllRFl3VHc5TjMiLCJtYWMiOiJhZTEwYWZhZTU5OGJiMjIyNmZiMmMwOWI4YTcxMTAyODVhNTlhZmY1MTliYWIwNDlmNzBmNGIwNzVkNzQ2ZWM3In0%3D

staudenmeir · 2018-08-10T13:36:41Z

Does updating to v5.6.33 fix your problem (#25167)?

bmichotte · 2018-08-11T12:48:10Z

@staudenmeir yes, it does, thanks !

jjanusch · 2018-08-20T16:21:34Z

This is definitely still a problem in 5.5.42 and the one workaround I've found for it, setting protected static $serialize = true; in the middleware, doesn't seem to fix it.

Jaspur · 2018-08-21T09:33:09Z

Still happening here too @staudenmeir (v5.5.42)

@jjanusch which middleware? then I'll use that workaround too as a quick fix

jjanusch · 2018-08-21T14:39:09Z

@Jaspur It's mentioned in https://laravel.com/docs/5.5/upgrade under "Configuring Cookie Serialization". That's the fix that was implemented by OctoberCMS and it seems to have worked well there (though I believe they use MySQL by default). In my case, my project using Postgres didn't got a completely different error when I applied that change. I ended up downgrading back to 5.5.40 for the time being and leaving my production projects as-is because it is unreasonable to ask all users to clear their cookies, especially when the site throws an error and I am unable to display anything to the user anyway

hohl · 2018-08-26T09:50:00Z

Just upgraded to 5.5.42 and all existing sessions throwing 404s until you clear the cookies manually. Caused by "invalid input syntax for integer: "s:123:"1"" expections related to the sessions and PostgreSQL. Seems like old sessions don't get invalidated automatically to me.

Manually clearing the session cache and renaming the session cookie didn't help either. It might be related to the "remember me" cookie, maybe?

javfres · 2018-08-27T07:56:39Z

I have the same error using Laravel 5.5.42 and PostgreSQL. I've tried to downgrade to an old version as @jjanusch suggested but I got another error if users where using the new generated cookie.

In my case is definitely related with the remember me cookie. I've done a ugly hack that removes that cookie. It's not really a solution but now the users can use the page after the first error. I use this code inside a middleware:

foreach ($cookies as $cookie => $value){
	// Bad cookie
	if(starts_with($cookie,'remember_') && str_contains($value,":")){
		Cookie::queue(Cookie::forget($cookie));
	}
}

staudenmeir · 2018-08-27T14:38:57Z

This will be fixed in the next release: #25301

staudenmeir · 2018-09-02T16:06:52Z

Laravel 5.5.43 has been released.

themsaid mentioned this issue Aug 9, 2018

[5.6] Make Auth/Recaller handle serialized and unserialized cookies #25167

Merged

tillkruss closed this as completed Aug 10, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

5.6.31 : Exception after upgrade (encrypted cookie related) #25160

5.6.31 : Exception after upgrade (encrypted cookie related) #25160

bmichotte commented Aug 9, 2018

staudenmeir commented Aug 9, 2018

bmichotte commented Aug 9, 2018

LukeTowers commented Aug 9, 2018 •

edited

Loading

bmichotte commented Aug 9, 2018

staudenmeir commented Aug 9, 2018

bmichotte commented Aug 9, 2018

staudenmeir commented Aug 9, 2018

bmichotte commented Aug 9, 2018

staudenmeir commented Aug 9, 2018

bmichotte commented Aug 10, 2018

staudenmeir commented Aug 10, 2018

bmichotte commented Aug 11, 2018

jjanusch commented Aug 20, 2018

Jaspur commented Aug 21, 2018 •

edited

Loading

jjanusch commented Aug 21, 2018

hohl commented Aug 26, 2018 •

edited

Loading

javfres commented Aug 27, 2018

staudenmeir commented Aug 27, 2018

staudenmeir commented Sep 2, 2018

5.6.31 : Exception after upgrade (encrypted cookie related) #25160

5.6.31 : Exception after upgrade (encrypted cookie related) #25160

Comments

bmichotte commented Aug 9, 2018

Description:

Steps To Reproduce:

staudenmeir commented Aug 9, 2018

bmichotte commented Aug 9, 2018

LukeTowers commented Aug 9, 2018 • edited Loading

bmichotte commented Aug 9, 2018

staudenmeir commented Aug 9, 2018

bmichotte commented Aug 9, 2018

staudenmeir commented Aug 9, 2018

bmichotte commented Aug 9, 2018

staudenmeir commented Aug 9, 2018

bmichotte commented Aug 10, 2018

staudenmeir commented Aug 10, 2018

bmichotte commented Aug 11, 2018

jjanusch commented Aug 20, 2018

Jaspur commented Aug 21, 2018 • edited Loading

jjanusch commented Aug 21, 2018

hohl commented Aug 26, 2018 • edited Loading

javfres commented Aug 27, 2018

staudenmeir commented Aug 27, 2018

staudenmeir commented Sep 2, 2018

LukeTowers commented Aug 9, 2018 •

edited

Loading

Jaspur commented Aug 21, 2018 •

edited

Loading

hohl commented Aug 26, 2018 •

edited

Loading