Fix on old cookie format decryption
LV 4.x uses MCRYPT_RIJNDAEL_128 and LV 5.x uses AES-256-CBC, so there was a conflict between the algorithms. The fix is to delete the session cookie if it can't be decrypted, so a user who still has an older cookie will get logged out. Change-Id: I4c2339230698c08186b198cba99d5f2523dce1d4
parent
6b0d6c36af
commit
c093873423
|
@ -1,7 +1,8 @@
|
|||
<?php namespace App\Http\Middleware;
|
||||
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Illuminate\Cookie\Middleware\EncryptCookies as BaseEncrypter;
|
||||
|
||||
use Illuminate\Contracts\Encryption\DecryptException;
|
||||
/***
|
||||
* Class EncryptCookies
|
||||
* @package App\Http\Middleware
|
||||
|
@ -16,4 +17,24 @@ class EncryptCookies extends BaseEncrypter
|
|||
protected $except = [
|
||||
//
|
||||
];
|
||||
|
||||
protected function decrypt(Request $request)
|
||||
{
|
||||
foreach ($request->cookies as $key => $c) {
|
||||
if ($this->isDisabled($key)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
try {
|
||||
$request->cookies->set($key, $this->decryptCookie($c));
|
||||
} catch (DecryptException $e) {
|
||||
$request->cookies->set($key, null);
|
||||
}
|
||||
catch(\ErrorException $e1){
|
||||
$request->cookies->set($key, null);
|
||||
}
|
||||
}
|
||||
|
||||
return $request;
|
||||
}
|
||||
}
|
||||
|
|
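Review bot: The `catch(\ErrorException $e1)` branch in `decrypt()` discards any `\ErrorException` thrown while `decryptCookie()` runs, not only the one an old-format cookie presumably triggers, and it leaves no record of the event. Setting the value to null fails closed, which is the right outcome, but the branch should state why it exists and log the cookie name (never the value), e.g. `// LV 4.x (MCRYPT_RIJNDAEL_128) payloads can surface as ErrorException rather than DecryptException` followed by `\Log::notice('Undecryptable cookie dropped', ['cookie' => $key]);`. The two catch bodies are identical, so where the runtime supports multi-catch they could be merged into `catch (DecryptException | \ErrorException $e)`. The description says the cookie is deleted, but the visible code only nulls it on the request; whether the browser's copy gets replaced depends on response handling that this hunk does not show.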