It occurs to me that larger sessions could be supported by inspecting the size of the encrypted payload and spreading it over as many cookies as are required.
There would still need to be limits of course but checking this would also allow for helpful error messages. (At the moment the browser will. typically. just silently ignore the cookie.)
It might also be nice to compress the data prior to encrypting.
Also, is this library still maintained? Are PRs welcome? Would they be welcome for the sorts of features I've described above?
It would be nice if slightly larger sessions were supported. (I'm only just bumping against the limit.)
The limit of course being the size of a single cookie. (https://tools.ietf.org/html/rfc6265#section-6.1)
It occurs to me that larger sessions could be supported by inspecting the size of the encrypted payload and spreading it over as many cookies as are required.
There would still need to be limits of course but checking this would also allow for helpful error messages. (At the moment the browser will. typically. just silently ignore the cookie.)
It might also be nice to compress the data prior to encrypting.
Also, is this library still maintained? Are PRs welcome? Would they be welcome for the sorts of features I've described above?