
Encrypting or signing cookies quickly becomes painful when you have multiple front ends. Either they all need to coordinate around the signing key, or they all need to share the same key, and they need to synchronize on key rotation.


Multiple frontends as in multiple instances? Or different instances?

What I do is set the domain to be specific to my subdomain. (Note this really only works when doing subdomain stuff; if you're doing subroute things like Amazon ALB... then I dunno.)

Having things be separated like this is good, since cookies can get big fast, and you can go over the max cookie size.
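The key-coordination problem raised in the first comment above, as an added example that is not part of the thread: two front ends verify HMAC-signed cookies from a keyring, and a cookie signed with a newly rotated key is rejected until that key reaches the other front end. The `kid.value.mac` cookie layout, the `FrontEnd` class, the key ids `k1`/`k2` and the secrets are all assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class FrontEnd:
    """One front end: a keyring {key_id: secret} plus the key id it signs with."""

    def __init__(self, keyring, signing_kid):
        self.keyring = dict(keyring)
        self.signing_kid = signing_kid

    def _mac(self, kid, value):
        # The MAC covers the key id, so a cookie cannot be relabelled to another key.
        return hmac.new(self.keyring[kid], kid.encode() + b"." + value, hashlib.sha256).digest()

    def sign(self, value: bytes) -> str:
        kid = self.signing_kid
        return f"{kid}.{_b64(value)}.{_b64(self._mac(kid, value))}"

    def verify(self, cookie: str):
        """Return the value if a key held by this front end authenticates it, else None."""
        try:
            kid, value_b64, mac_b64 = cookie.split(".")
            value, mac = _unb64(value_b64), _unb64(mac_b64)
        except ValueError:
            return None
        if kid not in self.keyring:
            return None  # key not yet distributed here, or already retired
        return value if hmac.compare_digest(mac, self._mac(kid, value)) else None

# Constructed demo secrets; real keys would come from a shared secret store.
K1, K2 = b"constructed-demo-key-1", b"constructed-demo-key-2"

def rotation_demo():
    a, b = FrontEnd({"k1": K1}, "k1"), FrontEnd({"k1": K1}, "k1")
    old_cookie = a.sign(b"uid=42")
    a.keyring["k2"] = K2
    a.signing_kid = "k2"           # A rotates before B has received k2
    new_cookie = a.sign(b"uid=42")
    before = b.verify(new_cookie)  # None: B cannot check k2 cookies yet
    b.keyring["k2"] = K2           # k2 reaches B; k1 stays for old cookies
    return before, b.verify(new_cookie), b.verify(old_cookie)
```

Distributing a new key to every front end for verification before any of them signs with it avoids the rejection window, and the old key can be dropped from the keyrings once cookies signed with it have expired.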



