TPHughes

Reputation: 1627

Laravel Cookies weird behaviour - always sets the same value

I'm having an issue setting cookies in Laravel 5.6. I'm currently working on logging in with Facebook, and have it all working as expected except that the Access Token won't store correctly in the Cookies. For some reason, it keeps storing a value which I am not familiar with and I can't figure out why.

To test this, I have modified my callback function to set a test cookie, and the same behaviour happens.

Here is my route which is being called:

Route::get('{provider}/callback', 'Auth\LoginController@handleProviderCallback');

Here is my handleProviderCallback method:

public function handleProviderCallback(string $provider)
{
    Cookie::queue(Cookie::make('fb', 'test', 1000, '/', config('session.domain'), config('session.secure'), config('session.http_only')));
    return redirect('/');
}

And here is the cookie which is then set to fb: eyJpdiI6IkFROTRzU2ZhTGQwXC9DOHZoR3lqVDZnPT0iLCJ2YWx1ZSI6ImpqWE8wSVpDRzBzT1p2WGxPdE5pYlE9PSIsIm1hYyI6IjA5NzYxODQ0MmFkZmE2NDQ1YmU5Zjg2Y2NmNjU1N2RhZmVmNjcxZjJmYjhmZmViMWEwZGU5NTE5ZDYxMWY2ZjAifQ==

I have tried this using actual values of course, which is why I have now reverted to just a test value to see what is happening. I have tried clearing all my cookies and cache, as well as trying it in both Chrome and Safari.

Why is it always setting an eyJ... value instead of the value I tell it to?

Upvotes: 3

Views: 1993

Answers (1)

Kyslik

Reputation: 8385

Laravel encrypts & base64 encodes all cookies by default using App\Http\Middleware\EncryptCookies, so when you base64 decode the string you will get

{"iv":"AQ94sSfaLd0\/C8vhGyjT6g==","value":"jjXO0IZCG0sOZvXlOtNibQ==","mac":"097618442adfa6445be9f86ccf6557dafef671f2fb8ffeb1a0de9519d611f6f0"} 

which is encrypted data. Actually, only jjXO0IZCG0sOZvXlOtNibQ== is encrypted; the rest is just metadata used for decryption with APP_KEY. Also, the value jjXO0IZCG0sOZvXlOtNibQ== is base64 encoded; after decoding it you get 5ІBKf:bm, which is the real encrypted value.

Note: eyJ base64 decoded is {" which is the beginning of JSON.

You can read about application key / Laravel's encryption more in this answer https://stackoverflow.com/a/49445587/1564365.


You can disable encryption for testing (I mean debugging) in the App\Http\Middleware\EncryptCookies middleware by setting $except = ['fb'], or just remove the middleware from kernel.php (comment it out, and uncomment it later for production).

Upvotes: 7
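Added example (not part of the answer and not Laravel's own code): a Python sketch that unpacks the cookie from the question into the iv/value/mac envelope described above and shows how the MAC lets the server reject a modified cookie. The MAC construction (HMAC-SHA256 over the base64 iv and value strings, keyed with the raw APP_KEY bytes) is an assumption based on Laravel 5.x's Encrypter, and the key used is constructed, so the page's own MAC is not checked.

```python
import base64, hashlib, hmac, json
from urllib.parse import unquote

# The "fb" cookie value quoted in the question above.
FB_COOKIE = (
    "eyJpdiI6IkFROTRzU2ZhTGQwXC9DOHZoR3lqVDZnPT0iLCJ2YWx1ZSI6"
    "ImpqWE8wSVpDRzBzT1p2WGxPdE5pYlE9PSIsIm1hYyI6"
    "IjA5NzYxODQ0MmFkZmE2NDQ1YmU5Zjg2Y2NmNjU1N2RhZmVmNjcx"
    "ZjJmYjhmZmViMWEwZGU5NTE5ZDYxMWY2ZjAifQ=="
)

def parse_envelope(cookie):
    """Return the {iv, value, mac} JSON envelope inside an encrypted cookie."""
    raw = base64.b64decode(unquote(cookie))  # browsers may show '=' as %3D
    env = json.loads(raw)
    if not isinstance(env, dict) or not {"iv", "value", "mac"} <= env.keys():
        raise ValueError("not an encrypted-cookie envelope")
    return env

def describe(env):
    """Sizes of the parts; all of this is readable without APP_KEY."""
    return {
        "iv_bytes": len(base64.b64decode(env["iv"])),
        "ciphertext_bytes": len(base64.b64decode(env["value"])),
        "mac_hex_chars": len(env["mac"]),
    }

def compute_mac(iv_b64, value_b64, key):
    # Assumption: HMAC-SHA256 over base64(iv) + base64(value), keyed with the
    # raw APP_KEY bytes, as Laravel 5.x's Encrypter does.
    msg = (iv_b64 + value_b64).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def mac_is_valid(env, key):
    """Constant-time comparison of the stored MAC with the recomputed one."""
    expected = compute_mac(env["iv"], env["value"], key)
    return hmac.compare_digest(expected, env["mac"])

if __name__ == "__main__":
    env = parse_envelope(FB_COOKIE)
    print(describe(env))
    key = b"k" * 32  # constructed key, NOT a real APP_KEY
    sealed = dict(env, mac=compute_mac(env["iv"], env["value"], key))
    tampered = dict(sealed, value=base64.b64encode(b"A" * 16).decode())
    print(mac_is_valid(sealed, key), mac_is_valid(tampered, key))
```

The 16-byte value is a single AES block, which is consistent with a short plaintext such as the test string; recovering the plaintext itself requires the application's APP_KEY.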
