If you're passing sensitive data to the client (the cookie), it's a hazard to encrypt only, without a signature. _Always_ sign and verify; sometimes also encrypt before signing and decrypt after verifying the signature.
The problem is the client can modify and post the ciphertext all it likes until, eventually, the server does something undesirable, since the server is merely decrypting and acting on the data without verifying it hasn't been tampered with.
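The difference between the two server behaviours, as an added example that is not part of the original comment. The keys, the cookie layout (nonce, ciphertext, tag) and all function names are assumptions made for illustration, and the HMAC-based keystream is a stand-in for a real stream or CTR-mode cipher so the block runs with the standard library only.

```python
import hashlib
import hmac
import os

# Constructed demo keys; a real deployment loads separate random keys from a secret store.
ENC_KEY = b"E" * 32
MAC_KEY = b"M" * 32
NONCE_LEN, TAG_LEN = 16, 32

def _keystream_xor(nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (HMAC-SHA256 in counter mode), for the demo only.
    Like CTR-mode ciphers it is malleable: ciphertext bit flips map to plaintext bit flips."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(ENC_KEY, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_encrypt_only(plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + _keystream_xor(nonce, plaintext)

def open_encrypt_only(cookie: bytes) -> bytes:
    # Decrypts whatever arrives: the server cannot tell whether the client changed it.
    return _keystream_xor(cookie[:NONCE_LEN], cookie[NONCE_LEN:])

def seal_signed(plaintext: bytes) -> bytes:
    body = seal_encrypt_only(plaintext)  # encrypt first ...
    return body + hmac.new(MAC_KEY, body, hashlib.sha256).digest()  # ... then sign nonce + ciphertext

def open_signed(cookie: bytes) -> bytes:
    if len(cookie) < NONCE_LEN + TAG_LEN:
        raise ValueError("cookie too short")
    body, tag = cookie[:-TAG_LEN], cookie[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # verify before any decryption
        raise ValueError("cookie signature mismatch")
    return open_encrypt_only(body)

def flip_bit(cookie: bytes, index: int) -> bytes:
    """Simulates client-side tampering with one cookie byte."""
    return cookie[:index] + bytes([cookie[index] ^ 0x01]) + cookie[index + 1:]
```

With the encrypt-only pair, a cookie altered by `flip_bit` still decrypts without error to different data; with the signed pair, the same alteration fails verification and is never decrypted.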