By setting config.action_controller.session_store
to :active_record_store in environment.rb the sessions just become
references to records stored on the server and do not hold any ‘real’
data. Is there any way to have cookies (of the non session variety)
use the same mechanism?
Failing that is there a secure way to encrypt a cookie?