Ad

Laravel What Does The Session Table Column "payload" Contain, And How Can I Access This Data?

- 1 answer

I grabbed the only value from my sessions table locally, it is me I'm the only logged in user.

$data = DB::table('sessions')->get();

If I return the base64_decoded payload:

    return  base64_decode($data[0]->payload);

I get what looks like encrypted json.

a:5:{s:6:"_token";s:40:"IlIvr7p3qxeMRg0NxSaITHvIZ1c2HGCh5QSj8wIG";s:9:"_previous";a:1:{s:3:"url";s:28:"http://mytestsite.dev/index.php";}s:5:"flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}s:8:"class_id";s:2:"14";s:9:"_sf2_meta";a:3:{s:1:"u";i:1453341204;s:1:"c";i:1453331047;s:1:"l";s:1:"0";}}

Is there a secure way to decrypt this JSON to retrieve the user id using Laravels methods?

Upon further investigation it may be that the session table does not contain the user info, it is just used to match with the browser cookie?

If this is the case, my ultimate question is how can I reasonably determine which users are currently logged in without creating update/inserts on the user record constantly on every page load, as suggested here: Can someone explain session table laravel

_________________________UPDATE

Ok from my further research I found that the cookie in the browser is the encrypted id of the sessm my further research I found that the cookie in the browser is the encrypted id of the session record.

        return Crypt::decrypt($cookie);

This leaves one final question, what does the payload column contain?

Ad

Answer

Ok so looks like Laravel 5.2 has this issue fixed.

Schema::create('sessions', function ($table) {
    $table->string('id')->unique();
    $table->integer('user_id')->nullable();
    $table->string('ip_address', 45)->nullable();
    $table->text('user_agent')->nullable();
    $table->text('payload');
    $table->integer('last_activity');
});
Ad
source: stackoverflow.com
Ad