What is the purpose of cookie encryption?

Asked by Amitraj in Cyber Security, Asked on Apr 19, 2022

I was researching internet security. When I reached the Cookies section, I happened to read that the values inside a cookie are generally stored only after encrypting them. But an encryption can be easily decrypted by someone who can tamper with the cookies. Considering the fact that if we have tampered with the cookie, then whether it is encrypted or not, it is possible to access the session corresponding to that cookie, what is actually the purpose of encrypting the cookie?



Answered by Al German

Cookies can be used for a variety of reasons. At the simplest level, a cookie might contain a random number that advises the site that you are the same person that visited previously, either for tracking purposes or to provide enhanced functionality such as user preferences. Such cookies do not need to be encrypted.


Cookie encryption is used when you want to persist something client-side that you do not want changed and/or seen by a user. For example, on the completion of an authentication process you will set an encrypted cookie containing details of the user to be presented with each subsequent request. This is what provides the appearance of a 'logged on session' when in fact the browser is making a series of otherwise unrelated atomic requests. In most large websites this authenticated session management is handled by front-end infrastructure services that hide this complexity from the application developer.

The cookie can also be used to contain the current application state, which is useful if your application runs across multiple geographic sites and the user is expected to return to another site before you have had a chance to replicate data there. As to your last point, if you tamper with encrypted data you will almost always render it useless for the purpose for which it was intended. Depending on the application, it will either cause the server-side application to fail, or fail validation of the encrypted data.


