@jedimdan
Last active August 10, 2018 09:01
A middleware that finds a bad remember-me cookie and removes it. Temporary fix while we wait for a fix for 5.5.42. To be put at the top of the kernel.
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Auth\SessionGuard;
use Illuminate\Contracts\Encryption\Encrypter;
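/**
 * Temporary middleware that detects a "remember me" cookie stored in the old
 * serialized format and removes it, so the framework does not have to process it.
 *
 * It decrypts the raw cookie itself, so it must run before the framework's
 * own cookie handling.
 */
class RememberMeCookieFix
{
    /**
     * Encrypter used to decrypt the raw remember-me cookie value.
     *
     * @var \Illuminate\Contracts\Encryption\Encrypter
     */
    protected $encrypter;

    /**
     * @param \Illuminate\Contracts\Encryption\Encrypter $encrypter
     */
    public function __construct(Encrypter $encrypter)
    {
        $this->encrypter = $encrypter;
    }

    /**
     * Handle an incoming request.
     *
     * Looks up the remember-me cookie, decrypts it without unserializing, and
     * forgets the cookie when its first "|"-separated segment is not numeric,
     * which is how a serialized payload shows up here.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // This is a remember me cookie fixer. It identifies cookies that are
        // serialized, which are not supported by 5.5.42 and above, and deletes them.
        $cookieName = 'remember_web_'.sha1(SessionGuard::class);
        $rmbMeCookie = $request->cookies->get($cookieName);

        // Only a non-empty string can be a cookie payload worth inspecting.
        $hasCookie = is_string($rmbMeCookie) && $rmbMeCookie !== '';

        // Security: the cookie value is a bearer credential. Log only whether it
        // is present, never the value, so log readers cannot replay it.
        \Log::info("Checking remember me cookie", ['present' => $hasCookie]);

        if (!$hasCookie) {
            return $next($request);
        }

        try {
            // Second argument false: decrypt only, never unserialize client data.
            $decrypted = $this->encrypter->decrypt($rmbMeCookie, false);
        } catch (\Illuminate\Contracts\Encryption\DecryptException $e) {
            // A tampered or stale cookie must not fail the whole request here;
            // pass it on untouched for the framework's cookie handling to reject.
            \Log::warning("Remember me cookie could not be decrypted");

            return $next($request);
        }

        // First segment of the recaller string; the token segments are not used or logged.
        $recallerId = explode('|', $decrypted, 3)[0];
        \Log::info("Recaller ID", [$recallerId]);

        // NOTE(review): this treats any non-numeric first segment as "serialized".
        // With non-numeric user identifiers, valid cookies would also be removed — confirm.
        if (!is_numeric($recallerId)) {
            \Log::info("Found serialized cookie");
            $request->cookies->remove($cookieName);
            \Cookie::queue(\Cookie::forget($cookieName));
        }

        return $next($request);
    }
}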