Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: base64-encode session cookie value #698

Closed
wants to merge 1 commit into from

Conversation

jebibot
Copy link

@jebibot jebibot commented Dec 3, 2023

What kind of change does this PR introduce?

Feature

What is the current behavior?

The session cookie value is a plain JSON string, which gets URL-encoded by most server implementations. This causes a mismatch in the length calculation in the chunker; sometimes, cookie values exceed the max length.

What is the new behavior?

This PR base64-encodes the cookie value before passing to the chunker.

The rationale for using base64:

  • it is used in the JWT encoding
  • jose has been included and used for while
  • URL encoding encodes {, }, ", ] to 3 characters tripling in length, whereas base64 encoding increases x4/3 in bytes, so the overall length would be similar

Additional context

@jebibot
Copy link
Author

jebibot commented Dec 4, 2023

Closing in favor of supabase/auth-js#816, as auth-helpers are deprecated.

@jebibot jebibot closed this Dec 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant