The session cookie value is a plain JSON string, which gets encoded in ASCII-only storages, such as cookie store. Especially, this causes a mismatch in the length calculation in the cookie chunker in @supabase/ssr; sometimes, cookie values exceed the max length.
What is the new behavior?
This PR base64-encodes the session value before saving in the storage.
The rationale for using base64:
it is used in the JWT encoding
URL encoding encodes {, }, ", ] to 3 characters tripling in length, whereas base64 encoding increases x4/3 in bytes, so the overall length would be similar
What kind of change does this PR introduce?
Feature
What is the current behavior?
The session cookie value is a plain JSON string, which gets encoded in ASCII-only storages, such as cookie store. Especially, this causes a mismatch in the length calculation in the cookie chunker in
@supabase/ssr
; sometimes, cookie values exceed the max length.What is the new behavior?
This PR base64-encodes the session value before saving in the storage.
The rationale for using base64:
{
,}
,"
,]
to 3 characters tripling in length, whereas base64 encoding increasesx4/3
in bytes, so the overall length would be similarAdditional context