http://www.perlmonks.org?node_id=120484


in reply to Encrypted Storage of sensible Data in a Cookie

You may also want to try a MAC (message authentication code), whereby you generate a one-way hash (MD5 or similar) of the contents of the cookie together with a "secret key", known only to the server.
When you get the cookie back, you compare the MAC the client hands back with a freshly generated one.
This is to ensure the client doesn't alter the cookie you hand them. Chapter 6 of "Writing Apache Modules with Perl and C" (O'Reilly) is probably useful.
It also recommends using an MD5 hash of an MD5 hash of the data, for reasons I can't remember.
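The scheme described in the post above, as an added example that is not from the post or from the book it cites: it swaps the MD5-plus-secret hash for HMAC-SHA256 from the core Digest::SHA module (HMAC is a standard keyed, nested-hash MAC) and goes one step further by putting an expiry time under the MAC. The names `make_cookie`, `check_cookie` and `ct_eq`, the `payload|expiry|mac` layout, the secret and the sample values are all assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Server-side secret, known only to the server. Constructed value for this
# example; a real one is long, random and loaded from protected config.
my $SECRET = 'constructed-example-secret';

# Build "payload|expiry|mac". The MAC covers both payload and expiry.
sub make_cookie {
    my ($payload, $ttl, $now) = @_;
    $now //= time;
    my $expires = $now + $ttl;
    return join '|', $payload, $expires,
        hmac_sha256_hex("$payload|$expires", $SECRET);
}

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# Return the payload if the MAC is intact and the cookie is unexpired,
# otherwise undef. The MAC is checked before any field is trusted.
sub check_cookie {
    my ($cookie, $now) = @_;
    $now //= time;
    my ($payload, $expires, $mac) =
        $cookie =~ /\A(.*)\|(\d+)\|([0-9a-f]{64})\z/s or return;
    my $fresh = hmac_sha256_hex("$payload|$expires", $SECRET);
    return unless ct_eq($mac, $fresh);
    return if $expires < $now;
    return $payload;
}

# Constructed sample run: an untouched, a client-altered and a stale cookie.
my $t0     = 1_000_000_000;    # constructed clock value
my $cookie = make_cookie('user=alice;role=user', 3600, $t0);
(my $forged = $cookie) =~ s/role=user/role=admin/;
printf "%-8s %s\n", 'valid',   check_cookie($cookie, $t0 + 60)   // 'REJECTED';
printf "%-8s %s\n", 'forged',  check_cookie($forged, $t0 + 60)   // 'REJECTED';
printf "%-8s %s\n", 'expired', check_cookie($cookie, $t0 + 7200) // 'REJECTED';
```

A MAC only detects alteration; the payload is still readable by the client, so anything that must stay confidential needs encryption in addition or should stay on the server.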