jooby: Cookiesecret.getBytes() and value.getBytes() use the platform default charset #196
{{ message }}
jooby: Cookie
secret.getBytes() and value.getBytes() use the platform default charset #196
secret.getBytes()andvalue.getBytes()use the platform default charset, which can produce different signatures across environments and break cookie validation (and is generally unsafe for cryptographic operations). Use an explicit charset (e.g., UTF-8) for both the secret and value bytes.Originally posted by @Copilot in #194 (comment)