cookie crumbler uses username:password base64 encoded and this relies
on extracting the username from the cookie to set the session, but
other authentication methods do not embed the username, but still share
the same scripts to set the authentication cookie (so that we have one
central point setting cookie with all the necessary attributes for
security).
The problem is that it's incorrect to try to decode an username with
cookies from other authentication methods, simply because they do not
contain the username. On python2 this was not causing visible error
because everything is str, but the decoding error on python3 revealed
this.