php - Cookie (un)serialization in Laravel 5.5.42
Security release 5.5.42 "disables all serialization / unserialization of cookie values" - https://laravel-news.com/laravel-5-6-30 But I have my values serialized still, only not unserialized. While I do
I get something like
protected static $serialize = true; in App\Http\Middleware\EncryptCookies helps, and so does
But as I understand unserialize() itself is the source of the problem with this security release, not what I do with the unserialized value later, so this kinda beats the purpose of the update. Why are my cookies serialized here and how to fix this?