Why does the Provider class always encode/decode values as JSON? I know this is necessary for the default CookieProvider, but shouldn't it be in the CookieProvider class, as opposed to the base Provider class? Is there a reason this is done this way?
I don't think it is doing a JSON encode in the provider.
The encodeValue function are converting the state object(s) in to an encoded string format that isn't JSON. The resulting string is escaped and state object type information encoded within (in an abbreviated fashion) - perhaps someone else can answer why this approach rather than JSON - but it looks to me like it is optimal for the restricted storage of a cookie?