AES encrypt/decrypt does not validate input length

[ianpartridge]

Reported by @Lukasa

It seems you have a risk of generating encrypted cookies that you cannot decrypt.
Specifically, CookieCryptography.decode just assumes that the original input was only 36 bytes long. However, CookieCryptography.encrypt does not actually check that.
So you have a risk of getting garbage output.
Is there any reason you aren't just using PKCS7 padding? It seems to be supported by BlueCryptor.

[Andrew-Lees11]

Closing since PR have been merged and released in sessions 3.3.2