For long-standing reasons having to do with session rotation not working in a clustered environment that uses a datasource for session storage, we are forced to read the data field from the cf_session_data table based on a cfid value.
After upgrading to Lucee 5.2.3.35, we found that the data stored in that field is encrypted. Is it possible to decrypt this data?
EDIT: It’s also possible that the data is Base64 encoded, but simply converting it toBinary and then toString doesn’t work. It used to be a struct. Is it a Java object now?
I believe, if my memory serves me correctly, that the session data is now serialized in 5.x.x (can’t remember which version introduced it, just remember reading it somewhere). Try: