diff --git a/Dockerfile b/Dockerfile
index b5c4fc0..88350a6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -70,4 +70,5 @@ RUN chmod +x "$FRAMELIX_SYSTEMDIR/entrypoint.sh"
 # health check
 HEALTHCHECK --interval=1m --timeout=3s CMD framelix_console all healthCheck -q || exit 1
 
+SHELL ["/bin/bash", "-c"]
 ENTRYPOINT $FRAMELIX_SYSTEMDIR/entrypoint.sh
\ No newline at end of file
diff --git a/appdata/modules/Framelix/composer.json b/appdata/modules/Framelix/composer.json
index f6f14c6..e72d000 100644
--- a/appdata/modules/Framelix/composer.json
+++ b/appdata/modules/Framelix/composer.json
@@ -5,6 +5,7 @@
         "mpdf/qrcode": "^1.2",
         "phpoffice/phpspreadsheet": "^2.2",
         "mpdf/mpdf": "^8.2",
-        "phpmailer/phpmailer": "^6.9"
+        "phpmailer/phpmailer": "^6.9",
+        "brainfoolong/js-aes-php": "^1.0"
     }
 }
diff --git a/appdata/modules/Framelix/src/Network/Cookie.php b/appdata/modules/Framelix/src/Network/Cookie.php
index 0d55cc0..c69ed61 100644
--- a/appdata/modules/Framelix/src/Network/Cookie.php
+++ b/appdata/modules/Framelix/src/Network/Cookie.php
@@ -5,7 +5,7 @@
 use Framelix\Framelix\Framelix;
 use Framelix\Framelix\Utils\CryptoUtils;
 use Framelix\Framelix\Utils\JsonUtils;
-use Nullix\CryptoJsAes\CryptoJsAes;
+use Nullix\JsAesPhp\JsAesPhp;
 use Throwable;
 
 use function base64_decode;
@@ -38,7 +38,7 @@ public static function get(string $name, bool $isSigned = true, bool $encrypted
             }
         }
         if ($encrypted) {
-            $value = CryptoJsAes::decrypt(base64_decode($value), CryptoUtils::hash($name));
+            $value = JsAesPhp::decrypt($value, CryptoUtils::hash($name));
         } else {
             // simply ignoring any json parse errors as this value can be modified by the user
             try {
@@ -74,7 +74,7 @@ public static function set(
             unset($_COOKIE[$name]);
         } else {
             if ($encrypted) {
-                $value = base64_encode(CryptoJsAes::encrypt($value, CryptoUtils::hash($name)));
+                $value = JsAesPhp::encrypt($value, CryptoUtils::hash($name));
             } else {
                 $value = base64_encode(JsonUtils::encode($value));
             }
diff --git a/appdata/modules/Framelix/upgrade-composer-libs.sh b/appdata/modules/Framelix/upgrade-composer-libs.sh
index f22e286..add8d4b 100644
--- a/appdata/modules/Framelix/upgrade-composer-libs.sh
+++ b/appdata/modules/Framelix/upgrade-composer-libs.sh
@@ -3,4 +3,4 @@
 SCRIPTDIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
 cd $SCRIPTDIR
 rm composer.lock compeser.json
-composer require robthree/twofactorauth lbuchs/webauthn mpdf/qrcode phpoffice/phpspreadsheet mpdf/mpdf phpmailer/phpmailer
\ No newline at end of file
+composer require robthree/twofactorauth lbuchs/webauthn mpdf/qrcode phpoffice/phpspreadsheet mpdf/mpdf phpmailer/phpmailer brainfoolong/js-aes-php
\ No newline at end of file
diff --git a/appdata/modules/FramelixTests/tests/Network/CookieTest.php b/appdata/modules/FramelixTests/tests/Network/CookieTest.php
index bb2f3e2..5a7b7ff 100644
--- a/appdata/modules/FramelixTests/tests/Network/CookieTest.php
+++ b/appdata/modules/FramelixTests/tests/Network/CookieTest.php
@@ -27,10 +27,10 @@ public function tests(): void
         // test encryption
         Cookie::set('fooencrypted', '123456', encrypted: true);
         $this->assertSame('123456', Cookie::get('fooencrypted', encrypted: true));
-        // missing encrypted flag will return the raw array from encryption
-        $this->assertIsArray(Cookie::get('fooencrypted'));
+        // missing encrypted flag will return null because value cannot be json decoded
+        $this->assertNull(Cookie::get('fooencrypted'));
         $_COOKIE['fooencrypted__s'] .= "11";
-        // missing encrypted flag will return the raw array from encryption
+        // missing encrypted flag will return null because value cannot be json decoded
         $this->assertNull(Cookie::get('fooencrypted'));
     }
 }