Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi guys,
Did anybody run into an issue when the Cookie::get('key') call returns the encrypted value?
I'm receiving something like this:
eyJpdiI6Ikw1bFlMZUQ0UGs3RUZ0SUp3dzlJUVE9PSIsInZhbHVlIjoicXNmb3hLdEpBWGhLZG1BWEtkK2tTQVwvem9VSW96NGpaK25UMGFqaElPWDZ5aFwvamVlWlU5ZnVjNk1KTUNkRWZjIiwibWFjIjoiYjI0YTFlMzJmM2NiZTMxODcxNjc0MWM4Mzc5MTRiNTNlODBhMDI4YjExZTkyNzdjZTIxNzQxZTVjNWZkMmI0YyJ9
So, my temporary solution - which is absolutely not ideal or nice - is:
$value = Cookie::get('key');
try {
$value = decrypt($value);
} catch (DecryptException $e) {
}
What might be wrong in such cases?
Is it possible that you are encrypting your cookies somewhere in your code when you set them? In that case you would be setting an encrypted value that in turn, gets encrypted, and retrieving an enctypted-encrypted value. Therefore, you get an encrypted value after it's decrypted the by the framework the first time. This seems inception-like, right!
I'm not encrypting the value when setting the cookie. This is how I'm setting it:
$this->identifier = str_random(32);
Cookie::queue('key', $this->identifier);
return $this->identifier;
I think the problem here, is that I'm using a service provider which is using this class, and it happens if I want to get the value in this class. If I'm trying to read the cookie in any of my controller or other part of the code it works fine. I'm not sure if my explanation make sense, but I hope so. :)
Did you ever figure out what was going on here? I'm running into the same issue - not encrypt-ception (at least not intentionally)
return redirect()->route('search')->withCookies([cookie('agent_ID', $agent_ID, 131400)]);
then retrieval:
dd($request->cookie('agent_ID'))
brings up an encrypted string, and running decrypt, on that brings up the value (in this case '1') piped onto the end, with another hash of some sort as a prefix?
$value = Crypt::decryptString($request->cookie('agent_ID'));
dd($value);
// yields:
"5bb0ba8283a6d63ad6aa493799f043e8f3900706|1"
Pretty confused, but hoping you found something?
--> after posting, I found a S.O. question that has some helpful context, and offered a solution that works(and I'm now using), but still feels very un-Laravel in how to retrieve a cookie's value. https://stackoverflow.com/questions/65247093/how-to-decrypt-cookies-in-laravel-8
Cookies are encrypted/decrypted automatically by EncryptCookies middleware If you access cookies via $request->cookie, you will get decrypted value. If you access via $_COOKIE superglobal, you will get encrypted value.
This SO answer might help: https://stackoverflow.com/a/75411008/1227926
In short, if the cookie value is not sensitive, you can disable encryption for it by following the documentation:
I'm using Laravel 11 and I'm still encountering this problem.
I don't want to disable encryption for this cookie, I want Cookie::get() to return the decrypted value.
This is how I set the cookie
CookieFacade::queue(
name: config(key: 'cookies-consent.cookie.name'),
value: json_encode(['essentials' => true, 'analytics' => $analytics]),
minutes: config(key: 'cookies-consent.cookie.duration'),
path: config(key: 'cookies-consent.cookie.domain', default: config('session.domain')),
);
So I'm expecting
Cookie::get(config(key: 'cookies-consent.cookie.name'))
to return an JSON encoded string, something like
{"essentials":true,"analytics":true}
Does anybody know how to fix it?
@troccoli
It may not passed default Middlewares, for example when NotFoundHttpException caused.
As you can see EncryptCookies in Illuminate/Foundation/Http/Kernel.php, default middleware contains encrypting process.
github.com/laravel/framework/blob/67286590127b8531b661a85e17c0a39d12030429/src/Illuminate/Foundation/Http/Kernel.php#L105
@troccoli And answers in this question will help you.
@Natsuki I don't see how this helps.
I want the cookie to be encrypted, but I would expect Cookie::get() to return the decrypted content of the cookie.
The same way I don't manually encrypt the value when I create the cookie, I don't think Laravel should expect me to manually decrypt it when I retrieve it.
Please or to participate in this conversation.