Framework: 5.6.31 : Exception after upgrade (encrypted cookie related)

Created on 9 Aug 2018  路  19Comments  路  Source: laravel/framework
  • Laravel Version: 5.6.31
  • PHP Version: 7.1.17 & 7.2.6
  • Database Driver & Version: PostgreSQL 9.6.7 & 10.4

Description:

After upgrade to 5.6.31, I receive the following exception

SQLSTATE[22P02]: Invalid text representation: 7 ERROR:  invalid input syntax for integer: "s:123:"1" (SQL: select * from "users" where "id" = s:123:"1 limit 1) (View: resources/views/main.blade.php) (View: resources/views/main.blade.php) {"exception":"[object] (ErrorException(code: 0): SQLSTATE[22P02]: Invalid text representation: 7 ERROR:  invalid input syntax for integer: \"s:123:\"1\" (SQL: select * from \"users\" where \"id\" = s:123:\"1 limit 1) (View: resources/views/main.blade.php) (View: resources/views/main.blade.php) at vendor/laravel/framework/src/Illuminate/Database/Connection.php:664, ErrorException(code: 0): SQLSTATE[22P02]: Invalid text representation: 7 ERROR:  invalid input syntax for integer: \"s:123:\"1\" (SQL: select * from \"users\" where \"id\" = s:123:\"1 limit 1) (View: resources/views/main.blade.php) at vendor/laravel/framework/src/Illuminate/Database/Connection.php:664, Illuminate\\Database\\QueryException(code: 22P02): SQLSTATE[22P02]: Invalid text representation: 7 ERROR:  invalid input syntax for integer: \"s:123:\"1\" (SQL: select * from \"users\" where \"id\" = s:123:\"1 limit 1) at vendor/laravel/framework/src/Illuminate/Database/Connection.php:664, Doctrine\\DBAL\\Driver\\PDOException(code: 22P02): SQLSTATE[22P02]: Invalid text representation: 7 ERROR:  invalid input syntax for integer: \"s:123:\"1\" at vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOStatement.php:144, PDOException(code: 22P02): SQLSTATE[22P02]: Invalid text representation: 7 ERROR:  invalid input syntax for integer: \"s:123:\"1\" at vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOStatement.php:142)
[stacktrace]
#0 vendor/laravel/framework/src/Illuminate/View/Engines/PhpEngine.php(45): Illuminate\\View\\Engines\\CompilerEngine->handleViewException(Object(ErrorException), 1)
#1 vendor/laravel/framework/src/Illuminate/View/Engines/CompilerEngine.php(59): Illuminate\\View\\Engines\\PhpEngine->evaluatePath('/Volumes/sd128/...', Array)
#2 vendor/laravel/framework/src/Illuminate/View/View.php(142): Illuminate\\View\\Engines\\CompilerEngine->get('/Volumes/sd128/...', Array)
#3 vendor/laravel/framework/src/Illuminate/View/View.php(125): Illuminate\\View\\View->getContents()
#4 vendor/laravel/framework/src/Illuminate/View/View.php(90): Illuminate\\View\\View->renderContents()
#5 vendor/laravel/framework/src/Illuminate/Http/Response.php(42): Illuminate\\View\\View->render()
#6 vendor/symfony/http-foundation/Response.php(202): Illuminate\\Http\\Response->setContent(Object(Illuminate\\View\\View))
#7 vendor/laravel/framework/src/Illuminate/Routing/Router.php(733): Symfony\\Component\\HttpFoundation\\Response->__construct(Object(Illuminate\\View\\View))
#8 vendor/laravel/framework/src/Illuminate/Routing/Router.php(705): Illuminate\\Routing\\Router::toResponse(Object(Illuminate\\Http\\Request), Object(Illuminate\\View\\View))
#9 vendor/laravel/framework/src/Illuminate/Routing/Router.php(665): Illuminate\\Routing\\Router->prepareResponse(Object(Illuminate\\Http\\Request), Object(Illuminate\\View\\View))
#10 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30): Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#11 vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(41): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#12 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Routing\\Middleware\\SubstituteBindings->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#13 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#14 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(68): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#15 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#16 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#17 vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#18 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#19 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#20 app/Http/Middleware/Language.php(28): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#21 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): App\\Http\\Middleware\\Language->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#22 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#23 vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(63): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#24 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Session\\Middleware\\StartSession->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#25 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#26 vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#27 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#28 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#29 vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(66): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#30 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#31 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#32 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(104): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#33 vendor/laravel/framework/src/Illuminate/Routing/Router.php(667): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#34 vendor/laravel/framework/src/Illuminate/Routing/Router.php(642): Illuminate\\Routing\\Router->runRouteWithinStack(Object(Illuminate\\Routing\\Route), Object(Illuminate\\Http\\Request))
#35 vendor/laravel/framework/src/Illuminate/Routing/Router.php(608): Illuminate\\Routing\\Router->runRoute(Object(Illuminate\\Http\\Request), Object(Illuminate\\Routing\\Route))
#36 vendor/laravel/framework/src/Illuminate/Routing/Router.php(597): Illuminate\\Routing\\Router->dispatchToRoute(Object(Illuminate\\Http\\Request))
#37 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(176): Illuminate\\Routing\\Router->dispatch(Object(Illuminate\\Http\\Request))
#38 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}(Object(Illuminate\\Http\\Request))
#39 vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#40 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Fideloper\\Proxy\\TrustProxies->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#41 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#42 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(31): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#43 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#44 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#45 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(31): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#46 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#47 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#48 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#49 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#50 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#51 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(62): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#52 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#53 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#54 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(104): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#55 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(151): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#56 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(116): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter(Object(Illuminate\\Http\\Request))
#57 public/index.php(55): Illuminate\\Foundation\\Http\\Kernel->handle(Object(Illuminate\\Http\\Request))
#58 /Users/benjamin/.composer/vendor/laravel/valet/server.php(147): require('/Volumes/sd128/...')
#59 {main}
"}

Steps To Reproduce:

The error is thrown from a blade template from @auth

As a workaround I surrounded the call 

$model = $model->where($model->getAuthIdentifierName(), $identifier)->first();

on Illuminate\Auth\EloquentUserProvider.php line 66 with a try/catch

picture bmichotte

Most helpful comment

@Jaspur It's mentioned in https://laravel.com/docs/5.5/upgrade under "Configuring Cookie Serialization". That's the fix that was implemented by OctoberCMS and it seems to have worked well there (though I believe they use MySQL by default). In my case, my project using Postgres didn't got a completely different error when I applied that change. I ended up downgrading back to 5.5.40 for the time being and leaving my production projects as-is because it is unreasonable to ask all users to clear their cookies, especially when the site throws an error and I am unable to display anything to the user anyway

picture jjanusch on 21 Aug 2018
👍2

All 19 comments

Did the cookie already exist before the upgrade?

staudenmeir picture staudenmeir on 9 Aug 2018

For all already logged users, yes

bmichotte picture bmichotte on 9 Aug 2018

https://github.com/laravel/framework/compare/a2c54e6e69035111fa2709f9cdac55be811feb6b...c5dc9c870a8a1af6c7e827dd81bd15f0a1561cc4, affecting 5.5.42 as well, see https://github.com/octobercms/october/issues/3681 (probably same issue)

LukeTowers picture LukeTowers on 9 Aug 2018

From https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30

Disabling serialization on all cookie values will invalidate all of your application's sessions and users will need to log into the application again.

But it's not invalidating them...

bmichotte picture bmichotte on 9 Aug 2018

What session provider are you using?

I'm trying to reproduce this, but the invalidation of legacy cookies works for me.

When Laravel decrypts my session cookie, it receives the serialized session id (e.g. s:40:"GqeMDAP24IlaCTaLpPWjEgLl6AwuoN8NoZu48pvu";). Since there is no session with this id, Laravel doesn't authenticate the user.

Somehow, your application receives the serialized user id from the session. It then fails because PostgreSQL is strict about data types. MySQL would just return an empty query result.

staudenmeir picture staudenmeir on 9 Aug 2018

@staudenmeir I'm using the file driver

bmichotte picture bmichotte on 9 Aug 2018

Are you using encrypted sessions (config.session.encrypt)?

staudenmeir picture staudenmeir on 9 Aug 2018

No

bmichotte picture bmichotte on 9 Aug 2018

Do you have a legacy cookie you can use for debugging?

staudenmeir picture staudenmeir on 9 Aug 2018

@staudenmeir, yes I do

eyJpdiI6IklLTElIR0p0Mm1aOTZKZU90SlRoWVE9PSIsInZhbHVlIjoiZFAwWHhoNER4VStOZFFWeStqS3RQd0dWckxhT1R2eXJFaDJWV1A3T2prT1hsREdXZkdXWjlQUUQrM3JUcm5XUWlGM0FBVGdXWmN3T083M1JTYkxLRWZodWhRZERhYmVSem1JaHZrQThsUFpVdXdyNXB5MjVwVW9uSzRmWlNrZUQrcjI0M0xaTWZOOWQwUU5cL1p1dFwvNWljMzdGQ3lGRVhHenhTRlhEcXlLZHE4T2pLUnRQQ1diQmllRFl3VHc5TjMiLCJtYWMiOiJhZTEwYWZhZTU5OGJiMjIyNmZiMmMwOWI4YTcxMTAyODVhNTlhZmY1MTliYWIwNDlmNzBmNGIwNzVkNzQ2ZWM3In0%3D
bmichotte picture bmichotte on 10 Aug 2018

Does updating to v5.6.33 fix your problem (#25167)?

staudenmeir picture staudenmeir on 10 Aug 2018

@staudenmeir yes, it does, thanks !

bmichotte picture bmichotte on 11 Aug 2018

This is definitely still a problem in 5.5.42 and the one workaround I've found for it, setting protected static $serialize = true; in the middleware, doesn't seem to fix it.

jjanusch picture jjanusch on 20 Aug 2018

Still happening here too @staudenmeir (v5.5.42)

@jjanusch which middleware? then I'll use that workaround too as a quick fix

Jaspur picture Jaspur on 21 Aug 2018

@Jaspur It's mentioned in https://laravel.com/docs/5.5/upgrade under "Configuring Cookie Serialization". That's the fix that was implemented by OctoberCMS and it seems to have worked well there (though I believe they use MySQL by default). In my case, my project using Postgres didn't got a completely different error when I applied that change. I ended up downgrading back to 5.5.40 for the time being and leaving my production projects as-is because it is unreasonable to ask all users to clear their cookies, especially when the site throws an error and I am unable to display anything to the user anyway

jjanusch picture jjanusch on 21 Aug 2018
👍2

Just upgraded to 5.5.42 and all existing sessions throwing 404s until you clear the cookies manually. Caused by "invalid input syntax for integer: "s:123:"1"" expections related to the sessions and PostgreSQL. Seems like old sessions don't get invalidated automatically to me.

Manually clearing the session cache and renaming the session cookie didn't help either. It might be related to the "remember me" cookie, maybe?

hohl picture hohl on 26 Aug 2018

I have the same error using Laravel 5.5.42 and PostgreSQL. I've tried to downgrade to an old version as @jjanusch suggested but I got another error if users where using the new generated cookie.

In my case is definitely related with the _remember me_ cookie. I've done a ugly hack that removes that cookie. It's not really a solution but now the users can use the page after the first error. I use this code inside a middleware:

$cookies = Cookie::get(); foreach ($cookies as $cookie => $value){ // Bad cookie if(starts_with($cookie,'remember_') && str_contains($value,":")){ Cookie::queue(Cookie::forget($cookie)); } }

javfres picture javfres on 27 Aug 2018

This will be fixed in the next release: #25301

staudenmeir picture staudenmeir on 27 Aug 2018

Laravel 5.5.43 has been released.

staudenmeir picture staudenmeir on 2 Sep 2018
🎉1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

easmith picture easmith  路  69Comments
sebastianbergmann picture sebastianbergmann  路  93Comments
mstnorris picture mstnorris  路  87Comments
mianshargeel picture mianshargeel  路  59Comments
Xerotherm1c picture Xerotherm1c  路  70Comments