Menu
I've spent a little while trying to trace the root cause of a particular Laravel bug since the original GitHub issue was closed without resolution.
After some time of experimenting I discovered that the session was being regenerated because the laravel_session cookie was set to null. Tracing this back as far as possible, I found that in index.php -- before Laravel ever loads -- the value of $_COOKIE is corrupt... sometimes
About 90% of the time when I make a call to my app, my cookies look like so:
array:7 [
"__unam" => "bc7c68-14f8d12a5ef-43097c02-213"
"__utma" => "152883115.857409601.1438038184.1440538193.1440976773.14"
"__utmc" => "152883115"
"__utmz" => "152883115.1435960225.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)"
"PHPSESSID" => "k8qvmt8ccbhcqepbn7mib8kra6"
"XSRF-TOKEN" => "eyJpdiI6IlJGd2M1WHlRcnhpeGtobFZpVlZaWmc9PSIsInZhbHVlIjoiMXhFSnlHeTZKbkc5NWxYcFwvNkNUTkNXeVpROWIweGJkczhIXC9LVStNMVlvSjFoRmttTXlLeTVOS01JM0wrN2FCdjVvQzM2RHNwRjJQcGlTNWZyelM2QT09IiwibWFjIjoiZDdjMzk1Zjg0YWUzYjhlNzUyYmQ4NzAwNTFhZWIwNDM1MDQyYmMwZjZkODllMTVlMGMxNTVjZjBmNTlmMTlkNiJ9"
"laravel_session" => "eyJpdiI6InV4YmFFTzJxTTdrVGlPdjVQZkszS1E9PSIsInZhbHVlIjoieGdsYzJTYTlqY3k4MzFIR2l6b2ZSaFwvK1RmdGg1UUhYR2dkdVpmNVVvcHoyMm5yRUpMUWRGRjVZd3ZUXC81OXl1QnpBRnR3a05kNXp1MEFoV2pLTmpIdz09IiwibWFjIjoiOThjMTU1MTE0ZTRjM2E2MGEzNGQ0MTcwODNhZmNlODMyZjM0MGViMjdmZjliMWZhNjE2M2Q0YzFlNWQxZDZiYyJ9"
]
But then 10% of the time, it looks like so:
array:7 [
"__unam" => "bc7c68-14f8d12a5ef-43097c02-213"
"__utma" => "152883115.857409601.1438038184.1440538193.1440976773.14"
"__utmc" => "152883115"
"__utmz" => "152883115.1435960225.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)"
"PHPSESSID" => "k8qvmt8ccbhcqepbn7mib8kra6"
"XSRF-TOKEN" => "eyJpdiI6IlJGd2M1WHlRcnhpeGtobFZpVlZaWmc9PSIsInZhbHVlIjoiMXhFSnlHeTZKbkc5NWxYcFwvNkNUTkNXeVpROWIweGJkczhIXC9LVStNMVlvSjFoRmttTXlLeTVOS01JM0wrN2FCdjVvQzM2RHNwRjJQcGlTNWZyelM2QT09IiwibWFjIjoiZDdjMzk1Zjg0YWUzYjhlNzUyYmQ4NzAwNTFhZWIwNDM1MDQyYmMwZjZkODllMTVlMGMxNTVjZjBmNTlmMTlkNiJ9"
"laravel_session" => "eyJpdiI6InV4YmFFTzJxTTdrVGlPdjVQZkszS1E9PSIsInZhbHVlIjoieGdsYzJTYTlqY3k4MzFIR2l6b2ZSaFwvK1RmdGg1UUhYR2dkdVpmNVVvcHoyMm5yRUpMUWRGRjVZd3Z"
]
Using a web proxy (Charles) to monitor network traffic, the issue is not on my end -- the full cookie string is being sent, but the server is only seeing a partial message (the laravel_session cookie gets cut off)
Every time the issue occurs, it gets cut off at the exact same spot: 678 bytes after the start of the cookie string (1435 bytes into the raw HTTP request text). Strangely the request body is transmitted with no harm, and this comes after the cookie string in the raw HTTP request, so it's not a matter of the TCP connection failing out.
PATCH /api/employees/1 HTTP/1.1
Host: www.mywebsite.com
Content-Length: 23
Accept: application/json, text/plain, */*
Origin: http://www.mywebsite.com
X-XSRF-TOKEN: eyJpdiI6IlJGd2M1WHlRcnhpeGtobFZpVlZaWmc9PSIsInZhbHVlIjoiMXhFSnlHeTZKbkc5NWxYcFwvNkNUTkNXeVpROWIweGJkczhIXC9LVStNMVlvSjFoRmttTXlLeTVOS01JM0wrN2FCdjVvQzM2RHNwRjJQcGlTNWZyelM2QT09IiwibWFjIjoiZDdjMzk1Zjg0YWUzYjhlNzUyYmQ4NzAwNTFhZWIwNDM1MDQyYmMwZjZkODllMTVlMGMxNTVjZjBmNTlmMTlkNiJ9
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Content-Type: application/json;charset=UTF-8
Referer: http://www.mywebsite.com/admin/employees?location=1
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: __unam=bc7c68-14f8d12a5ef-43097c02-213; __utma=152883115.857409601.1438038184.1440538193.1440976773.14; __utmc=152883115; __utmz=152883115.1435960225.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=k8qvmt8ccbhcqepbn7mib8kra6; XSRF-TOKEN=eyJpdiI6IlJGd2M1WHlRcnhpeGtobFZpVlZaWmc9PSIsInZhbHVlIjoiMXhFSnlHeTZKbkc5NWxYcFwvNkNUTkNXeVpROWIweGJkczhIXC9LVStNMVlvSjFoRmttTXlLeTVOS01JM0wrN2FCdjVvQzM2RHNwRjJQcGlTNWZyelM2QT09IiwibWFjIjoiZDdjMzk1Zjg0YWUzYjhlNzUyYmQ4NzAwNTFhZWIwNDM1MDQyYmMwZjZkODllMTVlMGMxNTVjZjBmNTlmMTlkNiJ9; laravel_session=eyJpdiI6InV4YmFFTzJxTTdrVGlPdjVQZkszS1E9PSIsInZhbHVlIjoieGdsYzJTYTlqY3k4MzFIR2l6b2ZSaFwvK1RmdGg1UUhYR2dkdVpmNVVvcHoyMm5yRUpMUWRGRjVZd3ZUXC81OXl1QnpBRnR3a05kNXp1MEFoV2pLTmpIdz09IiwibWFjIjoiOThjMTU1MTE0ZTRjM2E2MGEzNGQ0MTcwODNhZmNlODMyZjM0MGViMjdmZjliMWZhNjE2M2Q0YzFlNWQxZDZiYyJ9
{"id":"1","show":false}
I'm using PHP's built-in development server (php -S 0.0.0.0:80). I tried using Apache to see if it resolves the issue and while it seems like the cookie string always comes across correctly with Apache, I've got another error where PHP utterly crashes and burns upon hitting a file_put_contents call. I have the following code:
try {
echo "Writing... (LOCK_EX: " . LOCK_EX . ")<br />\n";
file_put_contents($path, $contents, $lock ? LOCK_EX : 0);
echo "Done.";
} catch( Exception $e ) {
echo "WHAT";
}
echo "Failed?";
Which is returning only Writing... (LOCK_EX: 2)<br />\n
None of "Done.", "WHAT", or "Failed?" are displayed.
Looking as ps all to see if the server was hanging, I don't even see the Apache process. However I know Apache is running because if I stop Apache (sudo apachectl stop) I stop getting any response from the server
4 0 807 1 20 0 15820 912 n_tty_ Ss+ tty4 0:00 /sbin/getty -8 38400 tty4
4 0 810 1 20 0 15820 916 n_tty_ Ss+ tty5 0:00 /sbin/getty -8 38400 tty5
4 0 815 1 20 0 15820 916 n_tty_ Ss+ tty2 0:00 /sbin/getty -8 38400 tty2
4 0 816 1 20 0 15820 920 n_tty_ Ss+ tty3 0:00 /sbin/getty -8 38400 tty3
4 0 819 1 20 0 15820 916 n_tty_ Ss+ tty6 0:00 /sbin/getty -8 38400 tty6
4 0 1029 1 20 0 15820 916 n_tty_ Ss+ tty1 0:00 /sbin/getty -8 38400 tty1
0 0 1057 9241 20 0 10016 880 - R+ pts/2 0:00 ps all
0 0 5278 9239 20 0 12404 1212 wait Ss pts/8 0:00 bash -c export ISOUTPUTPANE=0;bash -l
0 0 5279 5278 20 0 22708 3660 n_tty_ S+ pts/8 0:00 bash -l
0 0 9240 9239 20 0 12404 1144 wait Ss pts/2 0:00 bash -c export ISOUTPUTPANE=0;bash -l
0 0 9241 9240 20 0 22776 3868 wait S pts/2 0:00 bash -l
0 0 9287 9239 20 0 12404 1148 wait Ss pts/4 0:00 bash -c export ISOUTPUTPANE=0;bash -l
0 0 9288 9287 20 0 22792 4040 n_tty_ S+ pts/4 0:02 bash -l
0 0 10740 9239 20 0 12404 1152 wait Ss pts/5 0:00 bash -c export ISOUTPUTPANE=0;bash -l
0 0 10741 10740 20 0 22756 3836 n_tty_ S+ pts/5 0:00 bash -l
0 0 17522 17476 20 0 1924 512 poll_s Ss+ pts/1 0:00 /root/.c9/bin/tmux -u2 -L cloud91.9 attach -t user@server_668 -d
0 0 18258 17476 20 0 1924 516 poll_s Ss+ pts/3 0:00 /root/.c9/bin/tmux -u2 -L cloud91.9 attach -t user@server_14 -d
0 0 20097 9239 20 0 12404 1204 wait Ss pts/9 0:00 bash -c export ISOUTPUTPANE=0;bash -l
0 0 20098 20097 20 0 22708 3808 wait S pts/9 0:00 bash -l
0 0 20134 20098 20 0 103624 2880 n_tty_ S+ pts/9 0:00 mysql -u root -p
0 0 30986 17476 20 0 1924 516 poll_s Ss+ pts/7 0:00 /root/.c9/bin/tmux -u2 -L cloud91.9 attach -t user@server_836 -d
0 0 31599 9239 20 0 12404 1204 wait Ss pts/6 0:00 bash -c export ISOUTPUTPANE=0;bash -l
0 0 31603 31599 20 0 22708 3636 n_tty_ S+ pts/6 0:00 bash -l
0 0 31632 9239 20 0 12404 1152 wait Ss pts/10 0:00 bash -c export ISOUTPUTPANE=0;bash -l
0 0 31633 31632 20 0 22760 3828 n_tty_ S+ pts/10 0:00 bash -l
0 0 31811 9239 20 0 12404 1152 wait Ss pts/12 0:00 bash -c export ISOUTPUTPANE=0;bash -l
0 0 31812 31811 20 0 22708 3520 n_tty_ S+ pts/12 0:00 bash -l
I'm really not sure what's going on (why Apache is failing or why the PHP built-in server is cutting off my $_COOKIE variable).
As a final note, I've already checked the permissions on the file I'm attempting to write to:
-rwxr-xr-x 1 root root 10629 Mar 12 13:14 services.json
So it's not that.
Per @Siguza's suggestion, I tried adding another cookie to see what would happen. Upon first inspection it looked like there was some very strange behavior going on when I ran dd( $request->cookies ) before decryption:
Success
ParameterBag {#40
#parameters: array:9 [
"PHPSESSID" => "k8qvmt8ccbhcqepbn7mib8kra6"
"__unam" => "bc7c68-14f8d12a5ef-43097c02-217"
"__utma" => "152883115.857409601.1438038184.1440976773.1441571912.15"
"__utmb" => "152883115.4.9.1441572254693"
"__utmc" => "152883115"
"__utmz" => "152883115.1435960225.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)"
"yetAnotherCookie" => "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
"XSRF-TOKEN" => "eyJpdiI6ImVqcW1cL09cL3oyQ0ZIcFBiQTRmZXFKUT09IiwidmFsdWUiOiJEbzV0NHcraGNmd3BMb0hibG5uNm9UTnhvNlV4bVRCVWRHOWFBM3VrOG0wZ2Z2NmF5QnpuNFh6a1dYdmhcL2pmWUtIb2lsOGdBS29xV0hvNnFOQktxR2c9PSIsIm1hYyI6IjRjMjU4ZWYxMTJkZTQ1NTU2YWQ3M2EwZjAzZDQwNDI4YzNmOTJjYTVhZTUzZTg4MzFmNTUxZDFkMTljNDBjZjkifQ=="
"laravel_session" => "eyJpdiI6IkRkcGNLRE9KK3hkOFRNdzFXQzQreWc9PSIsInZhbHVlIjoiQm1qN2lNa2pTQTE2ZTQxUzJxbExGYnhheFhjUkQwMEpybEQ3XC9cL0pDMzA1MXdEeHF3a09qbnRKTjdPMzRKdjdBeFFNQ1hkamw1THFQanlnUURoRjJndz09IiwibWFjIjoiYTkzNjdmYjYyYTMzODM2MmY2MjQyNzZhNDQ1YjY2NzQ3OTFiZjVjODIyZmYzYmE3YjhlNGM1ZjQ2NTk1MTczNyJ9"
]
}
Failure
ParameterBag {#40
#parameters: array:8 [
"PHPSESSID" => "k8qvmt8ccbhcqepbn7mib8kra6"
"__unam" => "bc7c68-14f8d12a5ef-43097c02-217"
"__utma" => "152883115.857409601.1438038184.1440976773.1441571912.15"
"__utmb" => "152883115.4.9.1441572254693"
"__utmc" => "152883115"
"__utmz" => "152883115.1435960225.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)"
"XSRF-TOKEN" => "eyJpdiI6ImVqcW1cL09cL3oyQ0ZIcFBiQTRmZXFKUT09IiwidmFsdWUiOiJEbzV0NHcraGNmd3BMb0hibG5uNm9UTnhvNlV4bVRCVWRHOWFBM3VrOG0wZ2Z2NmF5QnpuNFh6a1dYdmhcL2pmWUtIb2lsOGdBS29xV0hvNnFOQktxR2c9PSIsIm1hYyI6IjRjMjU4ZWYxMTJkZTQ1NTU2YWQ3M2EwZjAzZDQwNDI4YzNmOTJjYTVhZTUzZTg4MzFmNTUxZDFkMTljNDBjZjkifQ=="
"laravel_session" => "eyJpdiI6IkRkcGNLRE9KK3hkOFRNdzFXQzQreWc9PSIsInZhbHVlIjoiQm1qN2lNa2pTQTE2ZTQxUzJxbExGYnhheFhjUkQwM"
]
}
Strangely the new cookie I added (yetAnotherCookie) is entirely gone while the laravel session still gets truncated. Inspecting the HTTP request, I noticed that yetAnotherCookie was appended at the end, so truncating the whole string would reasonably remove it from the list:
PHPSESSID=k8qvmt8ccbhcqepbn7mib8kra6; __unam=bc7c68-14f8d12a5ef-43097c02-217; __utma=152883115.857409601.1438038184.1440976773.1441571912.15; __utmb=152883115.4.9.1441572254693; __utmc=152883115; __utmz=152883115.1435960225.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); XSRF-TOKEN=eyJpdiI6ImVqcW1cL09cL3oyQ0ZIcFBiQTRmZXFKUT09IiwidmFsdWUiOiJEbzV0NHcraGNmd3BMb0hibG5uNm9UTnhvNlV4bVRCVWRHOWFBM3VrOG0wZ2Z2NmF5QnpuNFh6a1dYdmhcL2pmWUtIb2lsOGdBS29xV0hvNnFOQktxR2c9PSIsIm1hYyI6IjRjMjU4ZWYxMTJkZTQ1NTU2YWQ3M2EwZjAzZDQwNDI4YzNmOTJjYTVhZTUzZTg4MzFmNTUxZDFkMTljNDBjZjkifQ%3D%3D; laravel_session=eyJpdiI6IkRkcGNLRE9KK3hkOFRNdzFXQzQreWc9PSIsInZhbHVlIjoiQm1qN2lNa2pTQTE2ZTQxUzJxbExGYnhheFhjUkQwMEpybEQ3XC9cL0pDMzA1MXdEeHF3a09qbnRKTjdPMzRKdjdBeFFNQ1hkamw1THFQanlnUURoRjJndz09IiwibWFjIjoiYTkzNjdmYjYyYTMzODM2MmY2MjQyNzZhNDQ1YjY2NzQ3OTFiZjVjODIyZmYzYmE3YjhlNGM1ZjQ2NTk1MTczNyJ9; yetAnotherCookie=abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
I cleared all of my cookies for the domain and tried again:
Success
ParameterBag {#40
#parameters: array:4 [
"__unam" => "bc7c68-14f8d12a5ef-43097c02-217"
"XSRF-TOKEN" => "eyJpdiI6ImV6aklvVVNwZHdCMThON1hQOW9rcmc9PSIsInZhbHVlIjoiWlY1aGdQamJ1Y2FQTGxTUDZTTmxPK2xLZm5xZG15enlVXC95RXhRMHNqbm9udkp5T3NnR3FBQ0dxRWEzYTdIVUFveHA1TTZkV2lTcGlcL1wvalQzQ09QbUE9PSIsIm1hYyI6IjYyMzM5MGM4MjYxNzYzNmI5NGYyZDFmMTU3M2M4NTA5NzBlYjZlMGZmMmViM2QzNjlhZjZmNTdlMmE4ZmRjMmUifQ=="
"laravel_session" => "eyJpdiI6Illzd2xnalRXVzhKaVI0blRQUUtiNXc9PSIsInZhbHVlIjoiKzVaQVR0cHNqbDZEcGd5UG9POWFhbFdyYzhaTDNqb1FOQ2xmcEFYVUZUZTJkNUZSYzNRUlhCajJhNHBNK3VXd2gxYlwvUWtiTEE0bk5lVmp0d2lcL3pkQT09IiwibWFjIjoiNjA5MDU2ODViYTQ4YmM0YjlmYWVmOWY1NzliY2Y3YjdhYjMzYTA0MWU4ZjMwODg0N2E5NGI2N2U2ZDc3MTIwNSJ9"
"yetAnotherCookie" => "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
]
}
Failure
ParameterBag {#40
#parameters: array:4 [
"__unam" => "bc7c68-14f8d12a5ef-43097c02-217"
"XSRF-TOKEN" => "eyJpdiI6ImV6aklvVVNwZHdCMThON1hQOW9rcmc9PSIsInZhbHVlIjoiWlY1aGdQamJ1Y2FQTGxTUDZTTmxPK2xLZm5xZG15enlVXC95RXhRMHNqbm9udkp5T3NnR3FBQ0dxRWEzYTdIVUFveHA1TTZkV2lTcGlcL1wvalQzQ09QbUE9PSIsIm1hYyI6IjYyMzM5MGM4MjYxNzYzNmI5NGYyZDFmMTU3M2M4NTA5NzBlYjZlMGZmMmViM2QzNjlhZjZmNTdlMmE4ZmRjMmUifQ=="
"laravel_session" => "eyJpdiI6Illzd2xnalRXVzhKaVI0blRQUUtiNXc9PSIsInZhbHVlIjoiKzVaQVR0cHNqbDZEcGd5UG9POWFhbFdyYzhaTDNqb1FOQ2xmcEFYVUZUZTJkNUZSYzNRUlhCajJhNHBNK3VXd2gxYlwvUWtiTEE0bk5lVmp0d2lcL3pkQT09IiwibWFjIjoiNjA5MDU2ODViYTQ4YmM0YjlmYWVmOWY1NzliY2Y3YjdhYjMzYTA0MWU4ZjMwODg0N2E5NGI2N2U2ZDc3MTIwNSJ9"
"yetAnotherCookie" => "abcdefghijklmnopqrstuvwxyzABCDEFGHIJK"
]
}
Only yetAnotherCookie was truncated this time, not laravel_session. Looking at the HTTP request again, this cookie has made its way to the end of the list again despite being set first (I guess Chrome alphabetized the list of cookies?) only now the full list was shorter:
__unam=bc7c68-14f8d12a5ef-43097c02-217; XSRF-TOKEN=eyJpdiI6ImV6aklvVVNwZHdCMThON1hQOW9rcmc9PSIsInZhbHVlIjoiWlY1aGdQamJ1Y2FQTGxTUDZTTmxPK2xLZm5xZG15enlVXC95RXhRMHNqbm9udkp5T3NnR3FBQ0dxRWEzYTdIVUFveHA1TTZkV2lTcGlcL1wvalQzQ09QbUE9PSIsIm1hYyI6IjYyMzM5MGM4MjYxNzYzNmI5NGYyZDFmMTU3M2M4NTA5NzBlYjZlMGZmMmViM2QzNjlhZjZmNTdlMmE4ZmRjMmUifQ%3D%3D; laravel_session=eyJpdiI6Illzd2xnalRXVzhKaVI0blRQUUtiNXc9PSIsInZhbHVlIjoiKzVaQVR0cHNqbDZEcGd5UG9POWFhbFdyYzhaTDNqb1FOQ2xmcEFYVUZUZTJkNUZSYzNRUlhCajJhNHBNK3VXd2gxYlwvUWtiTEE0bk5lVmp0d2lcL3pkQT09IiwibWFjIjoiNjA5MDU2ODViYTQ4YmM0YjlmYWVmOWY1NzliY2Y3YjdhYjMzYTA0MWU4ZjMwODg0N2E5NGI2N2U2ZDc3MTIwNSJ9; yetAnotherCookie=abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
It cut off at 685 bytes this time instead of the 678 from earlier. Curiouser and curiouser.
Here's another odd one. I tried hitting a slightly different endpoint. Instead of www.mywebsite.com/api/employees/1, I pinged www.mywebsite.com/api/employees/10
This time one additional letter was removed from the cookie string. This prompted me to look at the entire raw HTTP request one more. Exactly 1435 bytes into the raw HTTP request is when the cookie string got cut off.
So I performed one more experiment: I sent a huge custom header using the following javascript from the browser
$.ajax('/api/employees/1', {
method: 'PATCH',
headers: {'X-REALLY-LONG-HEADER': 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'},
success: function(data) { console.log(data); }
});
I also modified the return value slightly because Laravel's dd() function wraps the return value in a lot of HTML that would make it hard to interpret in the console. With the really long header in place, I got the following after a few attempts:
Cookies:
__unam = bc7c68-14f8d12a5ef-43097c02-217
XSRF-TOKEN = eyJpdiI6ImV6aklvVVNwZHdCMThON1hQOW9rcmc9PSIsInZhbHVlIjoiWlY1aGd
This was actually 1460 bytes into the raw request... I'm not sure how to interpret the fact that it behaved differently, but this is suggesting some weird 1450-ish byte limit before PHP's built-in server craps out on the HTTP request.
Attempted to upgrade PHP to 5.6
First apt-get failed me. apt-get install --only-upgrade php5 just installed a slightly newer 5.5.9
Then I downloaded the source from php.net and attempted to build from source. Per the INSTALL instructions, you should run ./configure before running make and make install, so I tried it out. After a short while I got the following:
...
checking for strftime... (cached) yes
checking which regex library to use... php
checking whether to enable LIBXML support... yes
checking libxml2 install dir... no
checking for xml2-config path...
configure: error: xml2-config not found. Please check your libxml2 installation.
I tried updating this with apt-get install libxml2 and got the following:
root@C9-workspace:~/php-5.6.13# apt-get install libxml2
Reading package lists... Done
Building dependency tree
Reading state information... Done
libxml2 is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 200 not upgraded.
Since ./configure failed me and I can't upgrade libxml2, I tried just installing:
root@C9-workspace:~/php-5.6.13# make
make: *** No targets specified and no makefile found. Stop.
It's possible I'm just incompetent as a server admin, but I don't know how to install PHP 5.6 without a helpful MSI file
906
Use the isset() function upon the superglobal $_COOKIE variable to check if a cookie is set.
Right-click and click on Inspect Element to open the developer console. Go to the Storage tab. Expand the Cookies menu and select the website to check cookies. On the right side of the console, you will see the cookies that have been set on the website.
One way to set this is by adding the number of seconds before the cookie should expire to the result of calling time(). For instance, time()+60*60*24*30 will set the cookie to expire in 30 days. Another option is to use the mktime() function.
Congrats, you found a PHP bug; I've just reported it.
You can't do anything about it now, except waiting for a fix.
As I noted inside the bug report, the cause really is that the headers are so large, thus the browser splitting it up into multiple TCP packets… and the HTTP parser in sapi/cli/php_http_parser.c currently does not seem to back up the buffer with the header value in case it needs to wait for the next packet and merging it with the next packet later. Hence, it ends up to be truncated.
As code tells sometimes more than text: a simple reproduce case: http://git.php.net/?p=php-src.git;a=commitdiff;h=37d814b84cff3678a2e1d56ea9d3ba3c35082e13
159
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
