diff --git a/src/mod_sso/mod_sso.cc b/src/mod_sso/mod_sso.cc
index 1726bf6f32ebe2e2c99364b0ee4da48a18d93062..a6448e31644329b10e5c86db36f7582c39b89e9e 100644
--- a/src/mod_sso/mod_sso.cc
+++ b/src/mod_sso/mod_sso.cc
@@ -512,7 +512,7 @@ static int mod_sso_authenticate_user(request_rec *r)
   mod_sso_parse_requirements(r, req_groups, req_users, &allow_any_user);
 
   // Test for valid cookie
-  string sso_cookie = modsso::base64_decode(get_cookie(r, sso_cookie_name));
+  string sso_cookie = get_cookie(r, sso_cookie_name);
   if (!sso_cookie.empty()) {
     sso::Verifier verifier(s_cfg->public_key, s_cfg->service,
                            s_cfg->domain, req_groups);
diff --git a/src/mod_sso/test/httpd_integration_test.py b/src/mod_sso/test/httpd_integration_test.py
index 9d979fcff012ccc46f967858c55a68ccc5501fe4..8eb4653940eeb929c9b3ce771f9cd8591b54a9b6 100755
--- a/src/mod_sso/test/httpd_integration_test.py
+++ b/src/mod_sso/test/httpd_integration_test.py
@@ -63,7 +63,7 @@ class HttpdIntegrationTest(unittest.TestCase):
     def testRedirectionUrls(self):
 
         def mkcookie(tkt):
-            return "SSO_test=%s" % base64.b64encode(tkt)
+            return "SSO_test=%s" % tkt
 
         # Tests have a name so that we can recognize failures.
         checks = [
@@ -154,7 +154,7 @@ class HttpdIntegrationTest(unittest.TestCase):
         self.assertEquals(302, resp.status)
         set_cookie = resp.getheader("Set-Cookie")
         self.assertTrue(set_cookie)
-        self.assertTrue(base64.b64encode(tkt) in set_cookie)
+        self.assertTrue(tkt_enc in set_cookie)
         conn.close()
 
         # test the /sso_logout endpoint
diff --git a/src/sso_server/sso_server/application.py b/src/sso_server/sso_server/application.py
index 780a870d5a075a938b693ea17aa4c73dd88eab6b..3e87f68f72f3d753cac022877a9636722e4f6d32 100644
--- a/src/sso_server/sso_server/application.py
+++ b/src/sso_server/sso_server/application.py
@@ -1,4 +1,3 @@
-import base64
 import functools
 import json
 import logging
@@ -84,12 +83,8 @@ def login():
     # form.
     local_ticket_str = request.cookies.get(SSO_COOKIE_NAME)
     if local_ticket_str:
-        try:
-            local_ticket = app.login_service.local_authorize(
-                _tostr(base64.b64decode(local_ticket_str)))
-        except:
-            log.warn('error decoding ticket')
-            local_ticket = None
+        local_ticket = app.login_service.local_authorize(
+            _tostr(local_ticket_str))
     else:
         local_ticket = None
 
@@ -113,8 +108,7 @@ def login():
             return show_login_page(params, 'Authentication failed')
 
         # Set local auth cookie.
-        local_ticket_str = base64.b64encode(
-            app.login_service.local_generate(username))
+        local_ticket_str = app.login_service.local_generate(username)
 
     # At this point the user is authenticated, check authorization
     # and create the single sign-on ticket.
diff --git a/src/sso_server/sso_server/test/sso_server_test.py b/src/sso_server/sso_server/test/sso_server_test.py
index 5e6bcf1798d2ec105db9e86b1709520eaff2c53e..0af8f1d4f3696e1b738380baa685463de161c211 100644
--- a/src/sso_server/sso_server/test/sso_server_test.py
+++ b/src/sso_server/sso_server/test/sso_server_test.py
@@ -56,7 +56,7 @@ class SSOServerTest(unittest.TestCase):
         shutil.rmtree(self.tmpdir)
 
     def get_local_ticket(self, user):
-        return base64.b64encode(self.app.login_service.local_generate(user))
+        return self.app.login_service.local_generate(user)
 
     def get_auth_client(self, user='user', ticketstr=None):
         if not ticketstr: