space is delimiter while also a legal character in client_id and session state

Issue #917 resolved
Brian Campbell created an issue

The space character is used to concatenate/delimit client_id and session state in the postMessage data but is also a legal character in both of those values.

So it can't be used reliably to parse the two values apart unless additional constraints or assumptions are made about the content of client_id and/or session state.

IMHO, it should be fixed. But if not, it should at least be called out.

There's some discussion on the list (I'm filing this issue so it won't get lost): http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20140203/004598.html

Comments (2)

  1. Michael Jones

    We will prohibit spaces in the session state, which would allow a right split to work regardless of the content of the Client ID. We will also recommend that no spaces be used in Client IDs.

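The right split described in the comment above, shown next to the naive left split that the issue reports as unreliable. This is an added example, not part of the issue thread or of the specification; the function names and sample values are constructed for illustration.

```javascript
// Added example: function names are hypothetical, sample values are constructed.

// Naive left split: breaks as soon as the Client ID itself contains a space.
function naiveSplit(data) {
  const [clientId, sessionState] = data.split(' ');
  return { clientId, sessionState };
}

// Right split: everything after the LAST space is the session state and
// everything before it is the Client ID. This is unambiguous only because
// the session state is prohibited from containing a space.
function parseSessionMessage(data) {
  if (typeof data !== 'string') return null;
  const idx = data.lastIndexOf(' ');
  // Reject messages with no delimiter, an empty Client ID,
  // or an empty session state.
  if (idx <= 0 || idx === data.length - 1) return null;
  return {
    clientId: data.slice(0, idx),
    sessionState: data.slice(idx + 1),
  };
}

// Sender side: refuse to build a message the receiver could not parse back.
function buildSessionMessage(clientId, sessionState) {
  if (typeof sessionState !== 'string' || sessionState.length === 0) {
    throw new Error('session state must be a non-empty string');
  }
  if (sessionState.includes(' ')) {
    throw new Error('session state must not contain a space');
  }
  return clientId + ' ' + sessionState;
}

// Constructed sample: a Client ID that contains spaces.
const sampleMessage = buildSessionMessage('my client app', 'abc123.salt');
console.log(naiveSplit(sampleMessage));          // wrong boundary
console.log(parseSessionMessage(sampleMessage)); // correct boundary
```

A receiver should treat a `null` result as a malformed message rather than falling back to a guess about where the boundary is.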