Faspex transfer cookies contain information related to Faspex packages. The information is encoded in base64.
We encode the package name, the uploader or downloader name, the transfer uuid, and metadata fields, plus one more field to indicate whether the transfer is an upload, download, or relay.
The cookie format is:
TRANSFER_TYPE = u|d|r (for upload, download, or relay)
TRANSFER_UUID = for uploads, = Faspex internal package uuid. For downloads and relays, random uuid
ENC_USERNAME = Base64url-encoded name of the Faspex user account that initiated the transfer (email address for external users)
ENC_METADATA = Base64url-encoded JSON hash of package metadata
ENC_PACKAGENAME = Base64url-encoded package title
How to retrieve the recipient?
We don't encode the recipient in the cookie, because the recipient list is unbounded and could be of arbitrary length.
In order to get recipient names, the Faspex database could be queried directly - this could be done via the transfer token rather than the cookie. In the Faspex database, there is a table e_tokens:
SELECT e_package_id FROM e_tokens WHERE e_token_uuid='(token_from_transfer)';
SELECT e_package_recipient_string FROM e_packages WHERE id=(e_package_id from previous query);
Alternately, the FASP session id can be used instead: The session should be looked up in the e_sessions table:
SELECT e_package_id FROM e_sessions WHERE e_sess_central_id='(fasp session id)';