Cookie + Base64 encoding: a pitfall that is easy to miss

Some time ago, in a project, I stored the user's name in a cookie to keep a business feature simple.

But cookies only support ASCII, cookies have security risks of their own, and what I was storing was a name, which is sensitive information. So, for both the encoding and the security consideration, I chose to Base64-encode the value when the server sets the cookie, and to Base64-decode the extracted string in the front-end JS script to get the real data back. (Strictly speaking Base64 is an encoding, not encryption: it makes the name fit the cookie's character set and hides it from a casual glance, but anyone who holds the cookie can decode it.)

Encoding on the server (the project's back end is Django, so the example here is Python) is done with the standard base64 module:

import base64

# b64encode() takes bytes and returns bytes: encode the name as UTF-8 first,
# then turn the Base64 result back into an ASCII str for the cookie value.
user_name = base64.b64encode(user.name.encode('utf-8')).decode('ascii')
# the third positional argument of Django's set_cookie() is max_age in seconds
response.set_cookie('user_name', user_name, 36000)

The JS side decodes with the usual Unicode-safe Base64 helper: atob() yields one character per byte, each byte is turned into a %XX escape, and decodeURIComponent() reassembles the UTF-8 so that multi-byte names (for example Chinese characters) come back correctly:

function b64DecodeUnicode(str) {
        // atob() returns a "binary string" (one char per byte of the decoded data);
        // re-encode every byte as %XX and let decodeURIComponent() parse the UTF-8.
        return decodeURIComponent(atob(str).split('').map(function(c) {
            return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
        }).join(''));
}

This looked like the best of both worlds and foolproof, and indeed the project ran fine for a long time. Then one day, while I was out, a user reported that when he submitted data in the system, clicking the submit button did nothing. I logged in on my phone with another user's account, did a quick test, and found no problem; I then switched to yet another account and confirmed again that it was fine. At the time I assumed it was the user's browser (the front end of this project was not built to be compatible with every browser), so I told him to switch to Firefox. He replied that he was already using Firefox... Strange. I hurried back to the lab to see what the problem really was.

Back in the lab, I checked the logs and found that several people had used this feature recently and everything had worked normally (the data and the submission records were there). I asked those users, and they also said there was no problem. That felt odd; I thought the old man was messing with me. So I logged into the locally hosted test version of the system with that user's account and performed the operation he described: no response. So it really was broken...

Opening the browser's developer tools showed that the Base64 decoding was failing. Looking more closely, the string being decoded had an extra double quote at each end. The problem lies in two easily overlooked mechanisms: the Base64 alphabet and the way cookie values are written.


First, Base64. The standard Base64 alphabet consists of the 26 lowercase letters, the 26 uppercase letters, the 10 digits 0-9, and the two special characters "+" and "/", 64 characters in total. In addition, when the input length is not a multiple of 3 bytes, the output is padded at the end with one or two "=" signs.

Next, cookies. If the content stored in a cookie contains special characters such as spaces, brackets, parentheses, the equal sign (=), comma, double quote, slash, question mark, @, colon or semicolon, the server's cookie library wraps the value in double quotes before sending it. In Django this happens inside Python's http.cookies.SimpleCookie, which response.set_cookie() uses: a value is sent as-is only if every character is in the module's legal set (ASCII letters, digits and !#$%&'*+-.^_`|~:); anything else is wrapped in "..." (with any " or \ inside escaped with a backslash). The browser stores and returns the value exactly as it was sent, quotes included, so document.cookie hands the JS script "..." rather than the bare Base64 string.

Put the two together and the cause is clear. Some users' names, after Base64 encoding, contain "/" or end in "=" padding, while other users' names encode to letters and digits only. ("+" happens to be in Python's legal set, so in this stack it does not trigger the quoting; "/" and "=" do, and because "=" padding appears whenever the UTF-8 length of the name is not a multiple of 3, it is the more common trigger.) For the former group the cookie value is stored wrapped in double quotes, and feeding the string returned by getCookie() straight into the Base64 decoder is bound to fail; for the latter group everything works. That is why the feature worked normally for some users and did nothing for others.

The simplest fix: check whether the Base64 string obtained from the cookie starts and ends with a double quote; if it does, strip them, otherwise leave it alone.

// user_name is the raw value read back from document.cookie. If the server
// had to quote it, the quotes come back verbatim, so strip exactly one pair
// before Base64-decoding. (Base64 never contains " or \, so no unescaping is needed.)
if (user_name.length >= 2 && user_name.charAt(0) === '"' &&
        user_name.charAt(user_name.length - 1) === '"') {
        user_name = user_name.substring(1, user_name.length - 1);
}
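To make the two mechanisms above concrete, and to show the client-side fix next to a server-side alternative, here is an added Python example (not code from the original post or project). It drives Python's http.cookies.SimpleCookie directly, which is what Django's response.set_cookie() uses internally, so the quoting it shows is the quoting the browser would see. The user names are constructed samples chosen so that their Base64 forms cover each case: letters and digits only, "+" only, "/", and "=" padding. The naive decode uses validate=True so that, like atob() in the browser, it rejects the stray quotes instead of silently dropping them. The last two functions are an alternative fix on the server side: URL-safe Base64 with the padding removed uses only characters in the legal set, so the value is never quoted in the first place.

```python
import base64
from http.cookies import SimpleCookie

# Constructed sample user names (not real users). Base64 forms:
#   "张三"  -> 5byg5LiJ  (letters and digits only)
#   "信"    -> 5L+h      ('+' only; legal for SimpleCookie)
#   "寿"    -> 5a+/      ('/' triggers quoting)
#   "Alice" -> QWxpY2U=  ('=' padding triggers quoting)
SAMPLE_NAMES = ["张三", "信", "寿", "Alice"]


def encode_name_classic(name: str) -> str:
    """Standard Base64, as the original set_cookie() call did it."""
    return base64.b64encode(name.encode("utf-8")).decode("ascii")


def set_cookie_value(value: str) -> str:
    """Mimic Django's response.set_cookie(): the value passes through
    http.cookies.SimpleCookie, which wraps it in double quotes unless every
    character is in the module's legal set. Returns the value exactly as it
    appears in the Set-Cookie header, and hence in document.cookie."""
    jar = SimpleCookie()
    jar["user_name"] = value
    return jar["user_name"].coded_value


def is_quoted(wire_value: str) -> bool:
    return len(wire_value) >= 2 and wire_value[0] == '"' and wire_value[-1] == '"'


def naive_client_decode(wire_value: str) -> str:
    """What the original JS did: feed the cookie value straight to the Base64
    decoder. With surrounding quotes present this raises binascii.Error
    (a ValueError), just as atob() throws in the browser."""
    return base64.b64decode(wire_value, validate=True).decode("utf-8")


def tolerant_client_decode(wire_value: str) -> str:
    """Client-side fix: strip exactly one pair of surrounding quotes, then
    decode. Base64 never contains '"' or '\\', so SimpleCookie's backslash
    escapes cannot occur inside the quoted value and need no handling."""
    if is_quoted(wire_value):
        wire_value = wire_value[1:-1]
    return base64.b64decode(wire_value, validate=True).decode("utf-8")


def encode_name_urlsafe(name: str) -> str:
    """Server-side fix: URL-safe alphabet ('-' and '_' instead of '+' and '/')
    with the '=' padding dropped. Every remaining character is in the legal
    set, so SimpleCookie never quotes the value."""
    return base64.urlsafe_b64encode(name.encode("utf-8")).rstrip(b"=").decode("ascii")


def decode_name_urlsafe(value: str) -> str:
    """Restore the padding the encoder dropped, then decode."""
    padded = value + "=" * (-len(value) % 4)
    return base64.urlsafe_b64decode(padded).decode("utf-8")


def round_trip_report(names=SAMPLE_NAMES) -> dict:
    """For each name: the classic encoding, whether the cookie library quoted
    it, whether the naive and tolerant client decodes recover the name, and
    whether the URL-safe variant is ever quoted. Returns a dict keyed by name."""
    report = {}
    for name in names:
        classic = encode_name_classic(name)
        wire = set_cookie_value(classic)
        try:
            naive_ok = naive_client_decode(wire) == name
        except (ValueError, UnicodeDecodeError):
            naive_ok = False
        safe = encode_name_urlsafe(name)
        report[name] = {
            "classic": classic,
            "on_wire": wire,
            "quoted": is_quoted(wire),
            "naive_decode_ok": naive_ok,
            "tolerant_decode_ok": tolerant_client_decode(wire) == name,
            "urlsafe": safe,
            "urlsafe_quoted": is_quoted(set_cookie_value(safe)),
            "urlsafe_decode_ok": decode_name_urlsafe(safe) == name,
        }
    return report


if __name__ == "__main__":
    for name, row in round_trip_report().items():
        print(name, row)
```

Running the script prints one row per sample name; "寿" and "Alice" arrive on the wire as "5a+/" and "QWxpY2U=" with the quotes, the naive decode fails for exactly those two, and the tolerant decode and the URL-safe encoding recover every name. If you adopt the server-side variant, the JS side must also switch to a URL-safe decoder (map "-" and "_" back to "+" and "/" and re-add the "=" padding before calling atob()).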


Source: blog.csdn.net/u013568373/article/details/92581492