使用base64_decode解码XML在PHPUnit中工作正常但在浏览器中返回UTF-16编码数据

I'm having some strange issues with decoding an XML snippet, contained with a cookie, with PHP's base64_decode function:

In our PHPUnit tests, we can decode the XML and echo it out to the console and it prints XML as you would expect (all unit tests pass as well).
As soon as we try running the same code in the browser, the decoded XML appears to contain loads of UTF-16 characters interspersed with fragments of the expected XML tags. For example:
<CreateSession\u000f\u0013Y...

As you might then expect, we end up with an Exception: String could not be parsed as XML... error when passing this string to the SimpleXMLElement constructor.

Some further info:

The XML itself comes from an external login system and we don't have any control over it's format; it doesn't come with any <?xml...?> declaration and the root node is this <CreateSession>...</CreateSession> tag.
I've checked the character encoding of the page being served and have verified that it is UTF-8.
The site being developed is using Drupal
We tried passing the XML / UTF-16 string through Drupal's drupal_convert_to_utf8 function, but this just returns the Chinese (I think) symbols e.g. 敲

Has anyone come across anything like this before or have any idea what might be causing this?

Aha! It turns out that, when run in the browser, the cookie values were automatically URL decoded by PHP, meaning that any '+' in the base64 encoded text were being replaced by spaces. Adding this line of code before calling base64_decode fixed things:

$tmp = str_replace(' ', '+', $value);