Skip to content
Browse files

Base64 URLEncoding could generate -, so it's not safe to use -- as a …

  • Loading branch information...
1 parent f7e26f6 commit 15e0b5614cfc5041b7ae9e0b6eab39b6cd96ebdc @sunfmin committed Mar 26, 2012
Showing with 4 additions and 4 deletions.
  1. +4 −4 sessions.go
View
8 sessions.go
@@ -2,13 +2,13 @@ package mango
import (
"bytes"
- "hash"
"crypto/hmac"
"crypto/sha1"
"encoding/base64"
+ "encoding/gob"
"fmt"
+ "hash"
"io/ioutil"
- "encoding/gob"
"net/http"
"strings"
)
@@ -50,7 +50,7 @@ func decode64(value string) (result string) {
func decodeCookie(value, secret string) (cookie map[string]interface{}) {
cookie = make(map[string]interface{})
- split := strings.Split(string(value), "--")
+ split := strings.Split(string(value), "/")
if len(split) < 2 {
return cookie
@@ -91,7 +91,7 @@ func encode64(value string) (result string) {
func encodeCookie(value map[string]interface{}, secret string) (cookie string) {
data := encodeGob(value)
- return fmt.Sprintf("%s--%s", encode64(data), encode64(hashCookie(data, secret)))
+ return fmt.Sprintf("%s/%s", encode64(data), encode64(hashCookie(data, secret)))
}
func prepareSession(env Env, key, secret string) {

0 comments on commit 15e0b56

Please sign in to comment.
Something went wrong with that request. Please try again.