diff --git a/src/Auth/CookieAuthenticate.php b/src/Auth/CookieAuthenticate.php
index 637fa6a..1d2f122 100644
--- a/src/Auth/CookieAuthenticate.php
+++ b/src/Auth/CookieAuthenticate.php
@@ -156,7 +156,7 @@ protected function setCookie(Response $response, $cookie)
 */
 public function decodeCookie($cookie)
 {
- return json_decode(Security::decrypt($cookie, Security::getSalt()), true);
+ return json_decode(Security::decrypt(base64_decode($cookie), Security::getSalt()), true);
 }
 /**
@@ -169,7 +169,7 @@ public function decodeCookie($cookie)
 */
 public function encryptToken($username, $series, $token)
 {
- return Security::encrypt(json_encode(compact('username', 'series', 'token')), Security::getSalt());
+ return base64_encode(Security::encrypt(json_encode(compact('username', 'series', 'token')), Security::getSalt()));
 }
 /**
diff --git a/tests/TestCase/Auth/CookieAuthenticateTest.php b/tests/TestCase/Auth/CookieAuthenticateTest.php
index cc10be8..7412a35 100644
--- a/tests/TestCase/Auth/CookieAuthenticateTest.php
+++ b/tests/TestCase/Auth/CookieAuthenticateTest.php
@@ -286,7 +286,7 @@ public function testDecodeCookie()
 public function testOnAfterIdentify()
 {
 // -- prepare
- FrozenTime::setTestNow('2017-08-01 12:23:34');
+ FrozenTime::setTestNow('2017-09-03 12:23:34');
 $user = ['id' => 1, 'username' => 'foo'];
 $request = (new ServerRequest)->withData('remember_me', true);
 $response = (new Response());
@@ -322,7 +322,7 @@ public function testOnAfterIdentify()
 $this->assertSame($decode['series'], $tokens->first()->series);
 $this->assertSame($decode['token'], $tokens->first()->token);
- $this->assertTrue($tokens->first()->expires->eq(new FrozenTime('2017-08-31 12:23:34')), 'default expires is 30days after');
+ $this->assertTrue($tokens->first()->expires->eq(new FrozenTime('2017-10-03 12:23:34')), 'default expires is 30days after');
 }
 /**
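Review bot: The `$cookie` handed to `base64_decode()` in decodeCookie comes from the client, and the non-strict call silently discards characters outside the base64 alphabet instead of rejecting the value. A missing, empty or non-string cookie would then reach `Security::decrypt()`, which, as far as I recall, raises on empty ciphertext rather than returning false; whether the callers catch that is not visible here. Decoding in strict mode and returning null early keeps every malformed value on the same path as a failed `json_decode()`, as sketched below. Only the tail of the method's docblock is inside the hunk.

```php
public function decodeCookie($cookie)
{
    // The cookie value is client-controlled: accept only a strict base64 string.
    $cipher = is_string($cookie) ? base64_decode($cookie, true) : false;
    if ($cipher === false || $cipher === '') {
        return null;
    }

    return json_decode(Security::decrypt($cipher, Security::getSalt()), true);
}
```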
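Review bot: The return format of encryptToken changes from raw ciphertext to base64 on this line, but nothing records that or why. A comment such as `// base64: the ciphertext is binary and has to survive cookie transport`, plus a matching `@return` description, would help the next reader. Remember-me cookies issued before this change carry the old format and will presumably stop decoding once it is deployed, so their holders fall back to a normal login; that deserves a line in the changelog. The docblock for this method starts outside the hunk.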
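Review bot: The new fixture date in testOnAfterIdentify weakens the expiry assertion changed in the following hunk (-322): counted from 2017-09-03, thirty days and one calendar month both land on 2017-10-03, whereas the old pair (2017-08-01 to 2017-08-31) matched thirty days only. The assertion message still reads 'default expires is 30days after', so a switch to a month-based lifetime for the remember-me token would pass unnoticed. A start date in a 31-day month would restore the distinction, or a comment such as `// date moved because …` should explain why it had to change. The test body continues outside both hunks.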
@@ -433,4 +433,39 @@ public function testOnLogout()
 ])->all();
 $this->assertCount(1, $tokens, 'drop token');
 }
+
+ /**
+ * test with EncryptedCookieMiddleware
+ */
+ public function testWorkWithEncryptedCookieMiddleware()
+ {
+ if (!class_exists('\Cake\Http\Middleware\EncryptedCookieMiddleware')) {
+ $this->markTestSkipped();
+
+ return;
+ }
+
+ $middleware = new \Cake\Http\Middleware\EncryptedCookieMiddleware(['rememberMe'], str_repeat('1234abcd', 4));
+ $request = new ServerRequest();
+ $response = new Response();
+
+ $encoded = $this->auth->encryptToken('foo', 'series_foo_1', '123456');
+
+ $response = $response->withCookie('rememberMe', ['value' => $encoded]);
+ $response = $middleware($request, $response, function ($request, $response) {
+ return $response;
+ });
+
+ $request = $request->withCookieCollection($response->getCookieCollection());
+ $decryptRequest = null;
+ /* @var $decryptRequest ServerRequest */
+ $middleware($request, $response, function ($request, $response) use (&$decryptRequest) {
+ $decryptRequest = $request;
+
+ return $response;
+ });
+
+ $result = $this->auth->decodeCookie($decryptRequest->getCookie('rememberMe'));
+ $this->assertSame(['username' => 'foo', 'series' => 'series_foo_1', 'token' => '123456'], $result);
+ }
 }
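Review bot: testWorkWithEncryptedCookieMiddleware covers only a well-formed round trip; nothing exercises decodeCookie with a value that is altered, truncated or empty, which is the input class a cookie-based authenticator has to reject. A second set of assertions on inputs such as `substr($encoded, 0, -4)` and `''` would pin the failure behaviour. Whether that should be null or an exception is for the author to decide, but it should be fixed by a test either way. The inline `/* @var $decryptRequest ServerRequest */` would also be picked up by more tools if written as `/** @var ServerRequest $decryptRequest */`.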