By setting config.action_controller.session_store references to records stored on the server and do not hold any 'real' data. Is there any way to have cookies (of the non session variety) use the same mechanism?
Failing that is there a secure way to encrypt a cookie?