Apart from protecting yourself from spoofing, do you need to encrypt the data inside the cookie?

If you're just looking for a way to make a tamper-proof ticket, you can send the ticket data in the clear, plus a MAC (message authentication code). One advantage is that if you update the structure of the ticket, you don't need to change the decryption routine: there *is* no decryption routine. You receive a ticket, check that it is valid, and trust everything in it. (Actually, you could refactor your code to allow this in your approach as well.)

Also, in a real-world case you'll probably want to add an issue timestamp so that you can expire old tickets quickly — in the cleartext version, even before you waste CPU on crypto.