The documentation for the CookieAuthenticator class seems not finished. Indeed, at the end of the class description, there is:
The default encryption algorithm is AES but can be changed with setEncryptAlgorithm(String). It is also strongly recommended to [to what?]
The documentation for the CookieAuthenticator class seems not finished. Indeed, at the end of the class description, there is: