October: Error after "composer update" or "composer install" [fixed]

Hi!
Have the same problem.

duplicate https://github.com/octobercms/october/issues/3680

when rolling back to version 5.5.41 another error

@jexme when rolling back, just clear cache and cookies. Works fine then.

@acasar thanks, its work

Relevant: https://laravel.com/docs/5.5/upgrade#upgrade-5.5.42 and https://github.com/laravel/framework/compare/a2c54e6e69035111fa2709f9cdac55be811feb6b...c5dc9c870a8a1af6c7e827dd81bd15f0a1561cc4

Fixed by https://github.com/octobercms/library/commit/c8e2740d974a4409f9990d64f19ef493acf7c0e6, apply manually until change is merged to master and a new build is created. If you have issues with the fix, make sure you clear the cache with php artisan cache:clear and delete all your cookies.

IMHO, this is still not fixed, because how do we clear the cookies on user's end?

@shoguniphicus it should only be an issue that requires clearing the cookies under a very narrow set of conditions:

You used composer to update Laravel 5.5.42 in the two days between it's release and the fix being released on October's end. There's not much we can do to help the developer in the case; unless you have a different fix in mind?

@LukeTowers, yeah I guess in the mean time while October team fixes this, we can only downgrade to 5.5.41, clear sessions, cookies.

But the status definitely cannot be marked as completed, because this issue is critical and causes downtime on site that requires authentication.

@shoguniphicus it has been fixed, @daftspunk just needs to push a new build. It's marked complete because https://github.com/octobercms/library/commit/c8e2740d974a4409f9990d64f19ef493acf7c0e6 fixed it.

I'll ping @daftspunk to push a new build so people stop encountering this.

I applied the fix, now the error is return $unserialize ? unserialize($decrypted) : $decrypted;
/Users/home/Code/klue/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php line 149

@HassanIbrahim did you clear your cookies?

@LukeTowers yes but solved by upgrading to release v1.0.440

I had this issue on October CMS 4.6.5 with PHP 7.1, I solve it using this code found in the URL:

https://coderoad.ru/51825844/OctoberCMS-openssl_encrypt-%D0%BE%D0%B6%D0%B8%D0%B4%D0%B0%D0%B5%D1%82-%D1%87%D1%82%D0%BE-%D0%BF%D0%B0%D1%80%D0%B0%D0%BC%D0%B5%D1%82%D1%80-1-%D0%B1%D1%83%D0%B4%D0%B5%D1%82-%D1%81%D1%82%D1%80%D0%BE%D0%BA%D0%BE%D0%B9-%D0%BC%D0%B0%D1%81%D1%81%D0%B8%D0%B2-%D0%B7%D0%B0%D0%B4%D0%B0%D0%BD

path file: vendor/october/rain/src/Cookie/Middleware/EncryptCookies.php

class EncryptCookies extends \Illuminate\Cookie\Middleware\EncryptCookies
{
    /**
     * Indicates if cookies should be serialized.
     *
     * @var bool
     */
    protected static $serialize = true;

    public function __construct(EncrypterContract $encrypter)
    {
        parent::__construct($encrypter);
        $except = Config::get('cookie.unencryptedCookies', []);
        $this->disableFor($except);
    }

@WebMago do not do that. That file will be overwritten the next time you update and by doing that you are leaving yourself vulnerable to the attack that the change was meant to prevent.

You should not have any issues with Build 465 after clearing your cookies, and if you are try enabling edge updates and updating to Build 467 instead.

@WebMago do not do that. That file will be overwritten the next time you update and by doing that you are leaving yourself vulnerable to the attack that the change was meant to prevent.

You should not have any issues with Build 465 after clearing your cookies, and if you are try enabling edge updates and updating to Build 467 instead.

Here the user mention has been cleared the cookies, never confirm this be the solution, 'cause the solution was an upgrade.
https://github.com/octobercms/october/issues/3681#issuecomment-413858563

So I need to clear the cookies of all my "users" this be insane.

Let me try wit 467

There should no longer be that requirement, the code is supposed to support both versions and upgrade the old cookies.