Session id and authorised characters in url


We are using Prodigy 1.10.8 with multi user sessions.

To make process simple we build an "identification" service, where we encode user identification credentials into base64 and pass it as session id.
For example for me it will be ZXZnZW55LmJhemFyb3ZAYmVzZWRvLmNvbQ==, so at any time I will want to connect to prodigy I will use it as my session id.
When I check DB I see that session id was not stored as metadata, also I saw that session without = character stored correctly.
I don't know if it's expected behaviour or some bug on our end.

1 Like

I think that I found the answer :sweat_smile:

= symbol is not allowed in GET and should be encoded.

There are 66 unreserved characters that doesn't need any encoding: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.~

I think that just replacing this padding symbol by something like _ will work as fast&dirty solution. Maybe add some reminder in documentation to avoid certain symbols in session name?

Thanks for the update and glad you found a solution! I guess the other alternative would be to URL-encode the special characters (which can work if you're auto-generating the URLs anyway).

1 Like