Unicode Emojii Values break the session cookie JSON file

[ammuench]

Okay, so I know this sounds a bit crazy, but I'm currently running a site that uses Steam for OpenID, and part of that is that it passes back their steam username, which is serialized in the session.

We had a user who's cookie JSON was continually stored as unfinished--it simply cut-off halfway through. Turns out he had Unicode Emojii in his steam name that caused the cookie to just give up and stop there--causing a failure later when the website tried to read the session since it couldn't parse an invalid JSON file (see attached images).

I'm not sure where it's failing in the process, but it appears that when a unicode emojii gets passed through, the cookie stops being written completely and is sent incomplete (note that the JSON object gets cut off after the user's name, right where the unicode emojii start)

[chill117]

That's an interesting one. Can you check the sessions database table to see if the data is cut-off in the same place?

[ammuench]

Yes, when we had him re register it cut off where the Unicode emojis came
up every time

On Mon, Aug 22, 2016, 7:30 AM Charles Hill notifications@github.com wrote:

That's an interesting one. Can you check the sessions database table to
see if the data is cut-off in the same place?

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
#49 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ACAJygymR2iRBfR3jK5JQeDIO9Ulhxjzks5qiZZxgaJpZM4Jo5Dg
.

[chill117]

Hmmm.. It is most likely an issue with the database character encoding. Could you post here the exact character that is causing the issue?

[ammuench]

For my problem user it kept breaking on 🌾 (tall grass emojii?).

I know this is absurd, haha, thank you for actually hashing it out with me.

On Mon, Aug 22, 2016 at 8:20 AM Charles Hill notifications@github.com
wrote:

Hmmm.. It is most likely an issue with the database character encoding.
Could you post here the exact character that is causing the issue?

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
#49 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ACAJylnugHMoPLhWCUokhOVGufmkkq-jks5qiaIvgaJpZM4Jo5Dg
.

[chill117]

I think this is it? It doesn't seem to be supported by my browser (chrome). If that isn't it, maybe you can find it here:
http://apps.timwhitlock.info/emoji/tables/unicode

Looks like it is necessary to use MySQL's "utf8mb4" encoding instead of the regular utf8. I haven't tried it yet.

[ammuench]

That is it. Odd you can't see it, I'm on chrome and it renders fine, haha.

But yes, that is the character that the session object was breaking on

On Tue, Aug 23, 2016 at 5:02 AM Charles Hill notifications@github.com
wrote:

I think this http://apps.timwhitlock.info/unicode/inspect/hex/1F33E is
it? It doesn't seem to be supported by my browser (chrome). If that isn't
it, maybe you can find it here:
http://apps.timwhitlock.info/emoji/tables/unicode

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
#49 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ACAJyljXq7zmgVRNKQ0Kv2c5tftDk0RYks5qisUzgaJpZM4Jo5Dg
.

[chill117]

@ammuench Did you try the "utf8mb4" encoding for the sessions table's data field?