Laravel 开发效率高,很适合做 Web 开发,可是它对 session 自行做了加密,想在不同应用之间实现单点登录就比较麻烦了。这里用 Node.js 实现了 session 的解密算法(只针对 Laravel 5.1)。
理论上,其他服务只需要读取 cookie 里存的 session,就可以自行解密,从而实现自己的登录检测。需要注意的是,cookie 来自客户端,解密之前应先校验其中的 mac 字段,校验不通过就直接拒绝。
import * as crypto from 'crypto'
import * as serialization from "php-serialization"
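// Sample Laravel 5.1 session cookie value: base64 of a JSON envelope {iv, value, mac}.
// The cookie is supplied by the client, so every field in it is untrusted input
// until the MAC below has been verified.
const laravelSession = 'eyJpdiI6IjJvMzJSVnNyb3l1eEZvQ3NSUlBcLzZ3PT0iLCJ2YWx1ZSI6IjkxeVJjaXFSY2tlNUxwV0djcitnaUFNVnJzYUhHcXVndUwxOEZQeFE2Z3FHbDIyUndPRzFQMWZBS1E3TUFTeEdKUGx5aCtIY3d6WVlcL1p1dU5nQmd1QT09IiwibWFjIjoiNjI2ZDUzN2MxZmZiMzZkNGI3NTkxNTM3NGZmOTU3MTRjZjQ1NmM5OTJhOTVlNzBmNzc2ZDk1YThkMzVlODVmNiJ9';

// Buffer.from replaces the deprecated `new Buffer(...)` constructor.
const data = JSON.parse(Buffer.from(laravelSession, 'base64').toString('utf8'));
// A second sample, shown already decoded, to illustrate the envelope shape:
// let data = {
// "iv": 'PEGE6zj6C\/VdOmnwVXSFaw==',
// "value": "fpKlXI2Sa1fq8mDIgwvBr1g235LvExcde8IZ0JY9Jw5DN3IArBQ\/2ghmU21yjReOLC84DBpkaIwcghwAorVPYg==",
// "mac": "366d20bf35f7a4123f97659b3be8b1083eb15ffd29567b9699c220a5a6a00e95"
// }

// Placeholder: substitute the Laravel application's APP_KEY (aes-256-cbc needs a
// 32-byte key). The key is a secret: any service that holds it can forge session
// cookies as well as read them, so load it from protected configuration instead
// of committing it to source.
const APP_KEY = 'laravel的APP_KEY';

// Reject envelopes that do not carry the three string fields the steps below read.
for (const field of ['iv', 'value', 'mac']) {
  if (typeof data?.[field] !== 'string') {
    throw new Error(`Malformed session payload: missing "${field}"`);
  }
}

// Authenticate before decrypting. Laravel 5.1's Encrypter computes the MAC as
// HMAC-SHA256 over the base64 iv string concatenated with the base64 value string,
// keyed with APP_KEY (confirm against the framework version in use). Skipping this
// check lets a tampered cookie reach the CBC decryption and the PHP unserializer.
const expectedMac = crypto
  .createHmac('sha256', APP_KEY)
  .update(data.iv + data.value)
  .digest();
const receivedMac = Buffer.from(data.mac, 'hex');
// timingSafeEqual throws on unequal lengths, so compare lengths first.
if (
  receivedMac.length !== expectedMac.length ||
  !crypto.timingSafeEqual(receivedMac, expectedMac)
) {
  throw new Error('Session payload failed MAC verification');
}

const iv = Buffer.from(data.iv, 'base64'); // raw 16-byte IV decoded from base64
const decipher = crypto.createDecipheriv('aes-256-cbc', APP_KEY, iv);
// update() holds back the last block until final() validates and strips the
// padding; omitting final() can silently drop the tail of the plaintext.
const serialized =
  decipher.update(data.value, 'base64', 'utf8') + decipher.final('utf8');

// The plaintext is a PHP-serialized value; unserialize it to get the session id.
const sessionId = serialization.unserialize(serialized);
// Demo output only: session identifiers are credentials and should not be
// written to logs in a deployed service.
console.log(`session_id: ${sessionId}`);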
解密得到的 session_id 就是 Laravel 实际使用的 session_id。