1. Encryption makes sense if you do not want the cookie value to be spoofed or spoofed. To do this, you can use https://www.php.net/openssl_encrypt or any wrapper from Google on request "PHP encrypt lib"
2. Store as a string. Please note that the maximum data size for a cookie is usually 4Kb (a string of 4,000 characters). The most compact option is a string with numbers separated by a separator. $id = "1,2,3,4,5"; или $id = "1|2|3|4|5";
- When encrypted, the length of the string will be higher than the original.
- For convenience, you can use json_encode(), this will come in handy if you also need to work with cookies through JS.
ps if it is supposed to store a lot of id on the client, then it is preferable to use localstorage which is supported by all modern browsers and is not limited to 4kbhttps://caniuse.com/#search=localstorage