What encryption algorithm is best for encrypting cookies?

Question

Since this question is rather popular, I thought it useful to give it an update.

Let me emphasise the correct answer as given by AviD to

Answer 1

As pointed out a few times in previous comments, you must apply integrity protection to any ciphertext that you send out to the user and accept back. Otherwise the protected data can be modified, or the encryption key recovered.

Especially the PHP world is full of bad examples that ignore this (see PHP cryptography - proceed with care) but this does apply to any language.

One of few good examples I've seen is PHP-CryptLib which uses combined encryption-authentication mode to do the job. For Python pyOCB offers similar functionality.