-
Vincent Pelletier authored
Fernet tokens are urlsafe-base64-encoded, so re-encoding them is useless. This change breaks compabitility with what should be a transient login state (lasting as long as the login form is opened in any browser). So the consequence is that a user failing to authenticate will be redirected to a safe location (ex: the website's home page) instead of getting to the login form again. This should not be worth either a systematic double-decrypting (which could lead to harder to debug decryption errors) or some heuristic trying to guess if the value is in fact double-encoded.
915b20c4