Open ts65 opened 2 years ago
Ouchie. im in the same boat. interestingly swoole/openswoole uses urlencode as well: https://openswoole.com/docs/modules/swoole-http-response-cookie
this is specifically an issue if one does base64 encode before setting cookie - as it uses + character as well.
@ts65
if you use base64 - you could safeguard your data like this instead - it doesnt use + char:
sodium_base642bin($base64String, SODIUM_BASE64_VARIANT_URLSAFE);
sodium_bin2base64($binaryString, SODIUM_BASE64_VARIANT_URLSAFE);
@linuxd3v Unfortunately I have control over one part (creating the cookie) but not the other (consuming the cookie), so I can't use base64 encoding since it wouldn't be decoded. But yes, if someone can do it, it would help.
Currently the library uses urlencode/urldecode. Could you change it to use rawurlencode/rawurldecode so it encodes spaces as %20 and not +? Since 7.4.3 PHP uses %20 and it would be more consistent with it's setcookie function and $_COOKIE doesn't decode the +. I need to set a cookie that is compatible with that.