From 15e0b5614cfc5041b7ae9e0b6eab39b6cd96ebdc Mon Sep 17 00:00:00 2001
From: Felix Sun <sunfmin@gmail.com>
Date: Mon, 26 Mar 2012 14:45:12 +0800
Subject: [PATCH] Base64 URLEncoding could generate -, so it's not safe to use
 -- as a sign seperator
 http://tip.golang.org/src/pkg/encoding/base64/base64.go?s=783:870#L12

---
 sessions.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/sessions.go b/sessions.go
index 5b3e84e..2309326 100644
--- a/sessions.go
+++ b/sessions.go
@@ -2,13 +2,13 @@ package mango
 
 import (
 	"bytes"
-	"hash"
 	"crypto/hmac"
 	"crypto/sha1"
 	"encoding/base64"
+	"encoding/gob"
 	"fmt"
+	"hash"
 	"io/ioutil"
-	"encoding/gob"
 	"net/http"
 	"strings"
 )
@@ -50,7 +50,7 @@ func decode64(value string) (result string) {
 func decodeCookie(value, secret string) (cookie map[string]interface{}) {
 	cookie = make(map[string]interface{})
 
-	split := strings.Split(string(value), "--")
+	split := strings.Split(string(value), "/")
 
 	if len(split) < 2 {
 		return cookie
@@ -91,7 +91,7 @@ func encode64(value string) (result string) {
 func encodeCookie(value map[string]interface{}, secret string) (cookie string) {
 	data := encodeGob(value)
 
-	return fmt.Sprintf("%s--%s", encode64(data), encode64(hashCookie(data, secret)))
+	return fmt.Sprintf("%s/%s", encode64(data), encode64(hashCookie(data, secret)))
 }
 
 func prepareSession(env Env, key, secret string) {