MAC is invalid in $session->setId($this->encrypter->decrypt($cookie))

[DionisioFG]

Hi,

I searched for this issue but i did not find anything about it.

I am having an error in two applications in the same domain ( domain/a, domain/b):

SleepingOwl/Admin/Helpers/StartSession.php line 44
"MAC is invalid" in $session->setId($this->encrypter->decrypt($cookie))

To check this error:

• I clear the browser cache.
• I enter in domain/a without problems.
• I enter in domain/b and give me this error
• I clear the browser cache
• I enter in domain/b without problems.
• I enter in domain/a and give me this error.

It seems that it is problem of 2 or more applications in the same domain

[followtheart]

The MAC is invalid

I have this problem too.More seriously csrf-token and laravel_token seems to be constant!!!

[Squarius]

Same Problem here.

[followtheart]

I delete browser's cookies and sessions,and it works fine now.

[Squarius]

Thanks. That helped.

[denistorresan]

Hello to all,
I probably found the problem, and it's located into SleepingOwl/Admin/Helpers/StartSession.php line 44 as says @DionisioFG.

The same situation appear also when you try to navigate a site in HTTP, than navigate the same site in HTTPS.

My solution is to wrap the line 44, into try/catch:

try{
$session->setId($this->encrypter->decrypt($cookie));
}catch (\Exception $exc){}

this solves the problem.
I'll do a pull request about this soon.

[denistorresan]

Hello, I fixed the issues and created a pull request to the main repo:

#253