My only thought, which you have probably already had, is to store minimum info in the cookie. Just a unique identifier, which you can then use to call user info from the server, where you control how it's used and interpreted. So the only cookie-business is one write and then one read per page read.

If your site involves a log-in, then using the standard htpasswd mechanism (and ensuring user/pass combos were unique) wd give a perhaps less error-prone way to get the browser to tell you who it is - though obviously one involving more hassle for your users. OTOH if they know they are getting some personalised functionality for this hassle they may be willing to do it.

§ George Sherston