authorFabien Potencier <fabien.potencier@gmail.com>2015-05-21 06:29:49 +0200
committerFabien Potencier <fabien.potencier@gmail.com>2015-05-21 06:29:49 +0200
commitb3d032613d74a7d5d7babeee28d9ac8f870ff36c (patch)
treef640f6ea6fdfd03c692cf500e014e33d6d7d256b /Http/RememberMe
parenta3fffdc56ce7a29745d3dea4800058de1a4edd84 (diff)
parentfc2175946153bee537787dc1b6d8854c827f5e36 (diff)
minor #14670 [Security] TokenBasedRememberMeServices test to show why encoding username is required (MacDada)v2.3.30v2.3.29
This PR was squashed before being merged into the 2.3 branch (closes #14670). Discussion ---------- [Security] TokenBasedRememberMeServices test to show why encoding username is required | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #14577 | License | MIT | Doc PR | no 241538d shows that it's not actually tested, 257b796 reimplements it with test. I can remove the POC commit if it's not needed. Commits ------- 63a9736 [Security] TokenBasedRememberMeServices test to show why encoding username is required
Diffstat (limited to 'Http/RememberMe')
-rw-r--r--Http/RememberMe/TokenBasedRememberMeServices.php2
1 files changed, 2 insertions, 0 deletions
diff --git a/Http/RememberMe/TokenBasedRememberMeServices.php b/Http/RememberMe/TokenBasedRememberMeServices.php
index a129b1d..89bcb6f 100644
--- a/Http/RememberMe/TokenBasedRememberMeServices.php
+++ b/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -123,6 +123,8 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
*/
protected function generateCookieValue($class, $username, $expires, $password)
{
+ // $username is encoded because it might contain COOKIE_DELIMITER,
+ // we assume other values don't
return $this->encodeCookie(array(
$class,
base64_encode($username),
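Review bot: The comment added above `return $this->encodeCookie(array(` states an assumption ("we assume other values don't") without saying why it holds or where it is enforced. A later change that puts free-form text into another cookie part could then break the delimited format without any test or check noticing. I would spell the invariant out, e.g. `// $username is user-supplied and may contain COOKIE_DELIMITER, so it is base64-encoded;` followed by `// every other part must never contain COOKIE_DELIMITER - keep this true when adding parts`. If `encodeCookie()` does not already reject parts containing the delimiter, a check there would turn the assumption into a guarantee. That method and the rest of this array lie outside the hunk, so this is inferred rather than visible.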