This is a feature request but also a bug on some systems.

On a fancy nginx infrastructure Bakery's cookies were getting lost after some requests. Lost or just unvalidated, unfortunately the exact fault was never found. But, base64 encoding the cookie value before it was sent and decoding before decrypting has fixed the problem.

Based on PHP comments about mcrypt it seems a good idea that this get into Bakery.

I'll provide this for 6.x-2.x and 7.x-2.x.

CommentFileSizeAuthor
#1 Bakery-base64-1234462-d7.patch586 bytescoltrane
#1 Bakery-base64-1234462-d6.patch586 bytescoltrane

Comments

coltrane’s picture

coltrane
he/him
commented
Status: Active » Needs review
StatusFileSize
new Bakery-base64-1234462-d6.patch586 bytes
new Bakery-base64-1234462-d7.patch586 bytes
greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented

Instead of "fault protection" how about "Base64 encode the encrypted text because the result may contain characters that are not stored consistently in cookies."

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented

Otherwise, looks great to me.

coltrane’s picture

coltrane
he/him
commented

Thanks! Committed to Drupal 6 http://drupalcode.org/project/bakery.git/commit/bb68c5c

coltrane’s picture

coltrane
he/him
commented
Status: Needs review » Fixed

And to 7. http://drupalcode.org/project/bakery.git/commit/7fd37cd

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Anonymous’s picture

(not verified) commented
Issue summary: View changes

tomato/tomato