search

laravel / framework

The Laravel Framework.
https://laravel.com
MIT License
32.3k stars 10.95k forks source link

Database session driver issue #52966

Closed G1FEF closed 1 week ago

G1FEF commented 1 week ago

Laravel Version

10.48.22

PHP Version

8.2.20

Database Driver & Version

MariaDB 10.11.6 on Debian 12

Description

Some bots create a session with invalid characters in the user_agent string, the session driver attempts to save this in the "sessions" table throwing an exception:

local.ERROR: SQLSTATE[22007]: Invalid datetime format: 1366 Incorrect string value: '\xA1\xB1)' for column portal.sessions.user_agent at row 1 (Connection: mysql, SQL: update sessions set payload = YTozOntzOjY6Il90b2tlbiI7czo0MDoiZ3VDWTFlN3R0ejZDSko2ckl0Wkw0WFFhS3Z3REJDMEI1azBMNXRPVCI7czo5OiJfcHJldmlvdXMiO2E6MTp7czozOiJ1cmwiO3M6MjM6Imh0dHBzOi8vcG9ydGFsLmFtcHIub3JnIjt9czo2OiJfZmxhc2giO2E6Mjp7czozOiJvbGQiO2E6MDp7fXM6MzoibmV3IjthOjA6e319fQ==, last_activity = 1727373969, user_id = ?, ip_address = 27.124.32.96, user_agent = Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp??) where id = rtFcVnYtffBZuUO1zNQj7VjogY7PLFOtkSH4kT9p) {"exception":"[object] (Illuminate\Database\QueryException(code: 22007): SQLSTATE[22007]: Invalid datetime format: 1366 Incorrect string value: '\xA1\xB1)' for column portal.sessions.user_agent at row 1 (Connection: mysql, SQL: update sessions set payload = YTozOntzOjY6Il90b2tlbiI7czo0MDoiZ3VDWTFlN3R0ejZDSko2ckl0Wkw0WFFhS3Z3REJDMEI1azBMNXRPVCI7czo5OiJfcHJldmlvdXMiO2E6MTp7czozOiJ1cmwiO3M6MjM6Imh0dHBzOi8vcG9ydGFsLmFtcHIub3JnIjt9czo2OiJfZmxhc2giO2E6Mjp7czozOiJvbGQiO2E6MDp7fXM6MzoibmV3IjthOjA6e319fQ==, last_activity = 1727373969, user_id = ?, ip_address = 27.124.32.96, user_agent = Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp��) where id = rtFcVnYtffBZuUO1zNQj7VjogY7PLFOtkSH4kT9p) at /home/webhosts/portal/https/vendor/laravel/framework/src/Illuminate/Database/Connection.php:829)

Steps To Reproduce

Create a Laravel instance, configure it to use a database session driver and wait for a bot to connect.

rodrigopedra commented 1 week ago

What collation and charset are you using in your MySQL database?

You can check those in your ./config/database.php, or on your .env file, in case you are setting those as the DB_CHARSET and DB_COLLATION environment variables.

crynobone commented 1 week ago

Hey there,

Unfortunately we don't support this version of the library anymore. Please check out our support policy on which versions we are currently supporting. Can you please try to upgrade to the latest version and see if your problem persists? If so, please open up a new issue and we'll help you out.

Thanks!