in reply to Security using Encrypted cookies
You shouldn't be sending encrypted cookies. You should use session variables instead. Then you can keep the "secret" data on the server side.
merlyn has a good article on the subject of cookies. Chek out his home page.
In Section
Seekers of Perl Wisdom