Geek Answers Handbook

Sharing a laravel 4 session using nodejs express

I am trying to get the laravel session id from a cookie in the nodejs header.

I have tried so far:

function nodeDecrypt(data, key, iv) { var decipher = crypto.createDecipheriv('aes-256-cbc', key, iv); var chunks = [] chunks.push(decipher.update(chunk.toString(),'hex','binary')) chunks.push(decipher.final('binary')) return chunks.join('') } var cookie = JSON.parse(new Buffer(req.cookies.gjsess, 'base64')); var iv = new Buffer(cookie.iv, 'base64'); var value = new Buffer(cookie.value, 'base64'); var dec = nodeDecrypt(value, 'YourSecretKey!!!', iv);

But so far I keep getting Invalid IV length 32 .

YourSecretKey!!! is the key found on app.php laravel 4.

Laravel encryption mechanism:

 protected $cipher = 'rijndael-256'; protected $mode = 'cbc'; protected $block = 32;

...

 $payload = $this->getJsonPayload($payload); $value = base64_decode($payload['value']); $iv = base64_decode($payload['iv']); return unserialize($this->stripPadding($this->mcryptDecrypt($value, $iv)));

...

 return mcrypt_decrypt($this->cipher, $this->key, $value, $this->mode, $iv);

...

 $this->app->bindShared('encrypter', function($app) { return new Encrypter($app['config']['app.key']); });

other attempts

 var cookie = JSON.parse(new Buffer(req.cookies.gjsess, 'base64')); var iv = new Buffer(cookie.iv, 'base64'); var value = new Buffer(cookie.value, 'base64'); var MCrypt = require('mcrypt').MCrypt; var desEcb = new MCrypt('rijndael-256', 'cbc'); desEcb.open('YourSecretKey!!!'); var plaintext = desEcb.decrypt(value, 'base64');

This does not give an error, but still gets useless data.

+7
laravel-4
source share
2 answers
Finally, I get it too! Here is my solution. Works great for me.
 // requirements var PHPUnserialize = require('php-unserialize'); // npm install php-unserialize var MCrypt = require('mcrypt').MCrypt; // npm install mcrypt // helper function function ord( string ) { // Return ASCII value of character // // + original by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) return string.charCodeAt(0); } function getSessionIdFromLaravelCookie() { var cookie = JSON.parse(new Buffer(req.cookies.laravel_session, 'base64')); var iv = new Buffer(cookie.iv, 'base64'); var value = new Buffer(cookie.value, 'base64'); var key = "_Encryption Key_"; var rijCbc = new MCrypt('rijndael-256', 'cbc'); rijCbc.open(key, iv); // it very important to pass iv argument! var decrypted = rijCbc.decrypt(value).toString(); var len = decrypted.length - 1; var pad = ord(decrypted.charAt(len)); var sessionId = PHPUnserialize.unserialize(decrypted.substr(0, decrypted.length - pad)); return sessionId; }
+8
source share

Extending the answer to @ 7sides, I came up with the following. This is to get the session id from the laravel cookie, specifically for laravel 5.1, since it now uses aes-256-cbc.

 var app = require('express')(); var http = require('http').Server(app); var io = require('socket.io')(http); var cookieParser = require('socket.io-cookie-parser'); var PHPUnserialize = require('php-unserialize'); var Crypto = require('crypto'); io.use(cookieParser()); function getSessionIdFromLaravelCookie(req) { var cookie = JSON.parse(new Buffer(req.cookies.laravel_session, 'base64')); var iv = new Buffer(cookie.iv, 'base64'); var value = new Buffer(cookie.value, 'base64'); var key = "--encryption-key--"; var decipher = Crypto.createDecipheriv('aes-256-cbc', key, iv); decipher.setAutoPadding(false) var dec = Buffer.concat([decipher.update(value), decipher.final()]); var sessionId = PHPUnserialize.unserialize(dec); return sessionId; }
+2
source share

More articles:


All Articles