I have a simple website (using java) which has login and reset password page. In the reset password page, when a valid email is given, an email is sent to the user with a url for the reset password page with a token which I generate by encrypting certain data.
I get the email with the correct url and the correct token. But the token contains a special character "+" (Sometimes multiple times. But so far I have seen only this as the special character).
But when I click on the link, in Firefox the "+" character is turned to blank space and in Chrome, IE and safari the "+" character is changed to "%20".
Since i'm passing this token to validate the user as valid, to reset his password, I'm unable to decrypt it. So even for a valid user the reset password is failing.
I have put a temporary fix by doing a string replace to black spaces and "%20" back to "+". But since this doesn't look like a long term solution, can anyone suggest a more permanent fix for this issue?
example
Original : http://examplewebsite/resetPassword?token=abcedfg+abcedf+g
Firefox : http://examplewebsite/resetPassword?token=abcedfg abcedf g
Others : http://examplewebsite/resetPassword?token=abcedfg%20abcedf%20g
Thanks in advance
which language you are working , every language has url encoder and decoders use them, basically + and some ther characters get encoded into %20% and other values, you need a url decoder for converting back before decrypting it.
For java , refer UrlDecoder
Sample code :-
URLDecoder.decode("special+chars%3A+%26%25*+", "UTF-8")