You have to set a news Key Generate because

您必须设置新闻密钥生成，因为

php artisan key:generate

After that test again to run the Laravel Application

再次测试后运行 Laravel 应用程序

php artisan serve

I got the same error, when I upgrade a Laravel 5.5 app to 5.6. The error comes form the EncryptCookies-Middleware.

当我将 Laravel 5.5 应用程序升级到 5.6 时，我遇到了同样的错误。错误来自EncryptCookies-Middleware。

Delete the cookies in your browser and/or clear your session-files in your Laravel app.

删除浏览器中的 cookie 和/或清除 Laravel 应用程序中的会话文件。

I've faced same problem. I frequently faced this problem in Homestead-vagrant environment. To solve this issue in Laravel 5.4,5.5,5.6 or more -

我遇到了同样的问题。我经常在 Homestead-vagrant 环境中遇到这个问题。要在 Laravel 5.4、5.5、5.6 或更高版本中解决此问题 -

php artisan config:clear

php工匠配置：清除

php artisan view:clear

php工匠视图：清除

php artisan key:generate

php工匠密钥：生成

I got the same error a couple of days ago when I pushed a production update to my Laravel project from Envoyer.

几天前，当我从Envoyer向我的 Laravel 项目推送生产更新时，我遇到了同样的错误。

Immediate fix:I tried to rollback to the previous commit but the issue persisted which means the issue was originating from the client side, cookies probably. I tried removing cookies and the issue was gone.

立即修复：我尝试回滚到之前的提交，但问题仍然存在，这意味着问题来自客户端，可能是 cookie。我尝试删除 cookie，问题消失了。

Later, I spent a lot of time looking for this issue but got nothing until I faced this issue again today with another deployment and i found this article on Laravel news about the security fix 5.6.30 update. I was able to identify that this issue occurs if i try to deploy previous (< 5.6.30) version of the laravel v5.6.26 for a project which was already using > v5.6.30 and cookies were already created ( not serliazed) which when <5.6.30 version of the framework tries to unserlize results in error because they're not properly serealized.

后来，我花了很多时间寻找这个问题，但一无所获，直到今天我通过另一个部署再次遇到这个问题，我在Laravel上找到了这篇关于安全修复5.6.30 更新的新闻。如果我尝试为已经使用 > v5.6.30 的项目部署 laravel v5.6.26 的先前 (< 5.6.30) 版本，并且已经创建了 cookie（不是 serliazed），那么我能够确定会发生此问题<5.6.30 版本的框架尝试取消序列化错误结果，因为它们没有正确序列化。

• Installing laravel/framework (v5.6.26) Loading from cache

• 安装 laravel/framework (v5.6.26) 从缓存加载

From the upgrade guide:

从升级指南：

Configuring Cookie Serialization Since this vulnerability is not able to be exploited without access to your application's encryption key, we have chosen to provide a way to re-enable encrypted cookie serialization while you make your application compatible with these changes. To enable / disable cookie serialization, you may change the static serialize property of the App\Http\Middleware\EncryptCookies middleware:

配置 Cookie 序列化 由于无法在不访问您的应用程序的加密密钥的情况下利用此漏洞，我们选择提供一种方法来重新启用加密的 cookie 序列化，同时您使您的应用程序与这些更改兼容。要启用/禁用 cookie 序列化，您可以更改 App\Http\Middleware\EncryptCookies 中间件的静态序列化属性：

I was able to fix this issue permanently by clearing cache of composer so forcing it to load latest version of the framework instead of falling back to cache.

我能够通过清除作曲家的缓存来永久解决这个问题，因此强制它加载最新版本的框架而不是回退到缓存。

Hope this helps.

希望这可以帮助。

Bests,

最好的，

Just Inspect the element in Browser, and go to application tab and select cookie and delete that all cookie. That's It.

只需检查浏览器中的元素，然后转到应用程序选项卡并选择 cookie 并删除所有 cookie。就是这样。

In my case I did removed my composer.lockand did a composer installand voila...

在我的情况下，我确实删除了我的composer.lock并做了一个composer install和瞧...

$ cd project_root
$ rm composer.lock
$ composer install

In App\Exceptions\Handler under render function use this snippet, it will reset browser cookie.

在渲染功能下的 App\Exceptions\Handler 中使用此代码段，它将重置浏览器 cookie。

if (str_contains($exception->getMessage(), 'unserialize')) {
    $cookie1 = \Cookie::forget('laravel_session');
    $cookie2 = \Cookie::forget('XSRF-TOKEN');

    return redirect()->to('/')
                 ->withCookie($cookie1)
                 ->withCookie($cookie2);
}

I also encountered this issue when I happened to update my composer. If you put

当我碰巧更新我的作曲家时，我也遇到了这个问题。如果你把

protected static $serialize = true;

inside App\Http\Middleware\EncryptCookies, the old cookie will break your system. So to prevent this, either you have to clear the cookie, or just don't unserialize the decrypted cookie.

在 App\Http\Middleware\EncryptCookies 里面，旧的 cookie 会破坏你的系统。因此，为了防止这种情况发生，您要么必须清除 cookie，要么只是不要对解密的 cookie 进行反序列化。

I made a workaround for this: Inside vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php Above this line of decrypt() function:

我为此做了一个解决方法：在 vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php 上面这行decrypt() 函数：

return $unserialize ? unserialize($decrypted) : $decrypted;

add:

添加：

try {
            return $unserialize ? unserialize($decrypted) : $decrypted;
        } catch (\Exception $e){
            return $decrypted;
        }

This might be ugly, but you can temporarily put it there until you think the old cookies has gone.

这可能很难看，但你可以暂时把它放在那里，直到你认为旧的饼干已经消失了。

yeah, for localhost you can just delete cookies, but for production put this in your error handler so users would not see whoops :

是的，对于 localhost，您可以删除 cookie，但对于生产，将其放入您的错误处理程序中，这样用户就不会看到 whoops ：

if (strpos($exception->getMessage(), 'unserialize(): Error at offset 0 of 40 bytes') === 0) {
    unset($_COOKIE['laravel_session']);
    unset($_COOKIE['XSRF-TOKEN']);

    setcookie('laravel_session', null, -1, '/');
    setcookie('XSRF-TOKEN', null, -1, '/');

    abort(200, '', ['Location' => route('frontend.home')]);
}

PS. tested for laravel 5.6.

附注。测试了laravel 5.6。

you will just run in terminal

你只会在终端中运行

composer global update