What encryption algorithm is best for encrypting cookies?

感动是毒 2020-11-30 17:29

Since this question is rather popular, I thought it useful to give it an update.

Let me emphasise the correct answer as given by AviD to

13 answers
  •  悲&欢浪女
    2020-11-30 17:49

    So many terrifying things have been said, which is true, but let's look at the bright side: a little common sense and a continuous watch over your site might save you every time.

    Saving cookies is an important part of web development, so one can't ignore it. But we should also avoid it as much as possible; I see a use for cookies only if I want to extend the login session even after the user closes the browser. If one doesn't want to extend the user session beyond browser closing, then the Session component should be used. Even with Session component usage, one should be aware of Session Hijacking.

    Anyway, back to the cookie thing; in my opinion, if one follows the following precautionary measures, I am pretty sure we can be on the safer side.

    I divide the precautionary measures into two phases.

    Phase 1: Development

    1. Set the path attribute
    2. Set expiration_date
    3. Set the secure and httpOnly attributes
    4. Use the latest encryption algorithms
    5. Use two algorithms: for instance, use Blowfish and then use base64_encode on top of it.

    Phase 2: Operation/Audit

    1. Periodically audit the site, using tools like Burp.
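The development checklist above, worked through as an added example that is not part of the original answer or of any project's code: a Go helper that issues the cookie with Path, expiry, Secure and HttpOnly set (SameSite added as well), and protects the value with AES-256-GCM, an authenticated cipher, so that a client-modified cookie fails decryption instead of being silently accepted. base64url is applied only as transport encoding for the ciphertext, not as a second cipher. The cookie name, the key source and the session payload are assumptions made for the example; in production the key comes from a secret store, not from `rand` at startup.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// sessionCookieName is an assumed name; it is also bound into the
// ciphertext as associated data so a value cannot be replayed under
// a different cookie name.
const sessionCookieName = "session"

// sealValue encrypts plaintext with AES-256-GCM and returns
// base64url(nonce || ciphertext || tag). GCM covers the value with an
// authentication tag, so bit-flips or truncation by the client are
// detected in openValue rather than decrypted into garbage.
func sealValue(key, plaintext []byte) (string, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return "", err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh random nonce per cookie
		return "", err
	}
	sealed := aead.Seal(nonce, nonce, plaintext, []byte(sessionCookieName))
	return base64.RawURLEncoding.EncodeToString(sealed), nil
}

// openValue reverses sealValue and fails on any modification of the token.
func openValue(key []byte, token string) ([]byte, error) {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(raw) < aead.NonceSize() {
		return nil, errors.New("cookie value too short")
	}
	nonce, ct := raw[:aead.NonceSize()], raw[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, []byte(sessionCookieName))
}

// newSessionCookie sets the attributes from the checklist: Path, expiry
// (both Expires and Max-Age), Secure, HttpOnly, plus SameSite=Lax.
func newSessionCookie(token string, ttl time.Duration) *http.Cookie {
	return &http.Cookie{
		Name:     sessionCookieName,
		Value:    token,
		Path:     "/",
		Expires:  time.Now().Add(ttl),
		MaxAge:   int(ttl.Seconds()),
		Secure:   true,
		HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
	}
}

// tamperIsRejected seals a value, flips one bit of the encoded token and
// reports whether openValue refused it (true means the tag check worked).
func tamperIsRejected(key []byte) (bool, error) {
	token, err := sealValue(key, []byte("uid=42"))
	if err != nil {
		return false, err
	}
	raw, _ := base64.RawURLEncoding.DecodeString(token)
	raw[len(raw)-1] ^= 0x01 // corrupt the last byte of the GCM tag
	_, err = openValue(key, base64.RawURLEncoding.EncodeToString(raw))
	return err != nil, nil
}

func main() {
	key := make([]byte, 32) // demo key generated at startup (assumption)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	token, err := sealValue(key, []byte("uid=42")) // constructed sample payload
	if err != nil {
		panic(err)
	}
	rec := httptest.NewRecorder()
	http.SetCookie(rec, newSessionCookie(token, 24*time.Hour))
	fmt.Println(rec.Header().Get("Set-Cookie"))
	for _, ck := range rec.Result().Cookies() { // parse it back as a client would
		pt, err := openValue(key, ck.Value)
		fmt.Printf("decrypted %q, err=%v\n", pt, err)
	}
	ok, _ := tamperIsRejected(key)
	fmt.Println("tampered cookie rejected:", ok)
}
```

Note that encrypting the value does not stop a captured cookie from being replayed by whoever holds it; that is what Secure, HttpOnly and a short expiry limit, and why the audit step in Phase 2 should include checking those attributes on every cookie the site sets.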
