First, is hiding any confidential data. The simplest way is to not put confidential data in the cookie and keep it in local storage. The cookie becomes a key to find the local session data. The next best is to encrypt the data with a secret key. Compression is just obfuscation and not secure.

Second, is protecting the info from tampering. MACs are perfect for this because only those with the secret key can generate or verify the MAC. The plaintext can be read but not modified. For cookies that are just keys, the keys can be chosen from a large enough space that modifying the key results in an invalid value.

Second, is preventing replay attacks, from someone recording the cookie and using it later. Using SSL to keep the cookie from being known is the best solution. Including expiration time in the cookie or session is another solution.

Finally, is preventing tampering with the cookie. Generating cookies is a similar attack. MACs are a good solution since they can only be generated or verified by the secret key. An authentication cookie with a username, expiration timestamp, and MAC is perfectly good if user names don't need to be kept secret.

plaintext attacks.

Compress before encryption. Not in place. Please reread my node.

You typically dont' want the private data read as it may contain sensitive information.

Of course, encrypting the line is wanted. But the point is on just having a cookie outside of the wire transmition. After all, encrypting any line will make it more secure. :)

Secret keys, regardless of MAC, can be broken. Don't forget that key point.