question is whether there is anything sensitive within the cookie, why you need to encrypt cookie? using https against mitm isn't enough? is client storing this cookie for a longer period and you expect someone will access it, tamper it, etc...?
for the best practices:
- limit the amount of sensitive information stored in the cookie.
- limit the subdomains and paths to prevent interception by another application.
- enforce SSL so the cookie isn’t sent in cleartext.
- make the cookie HttpOnly
perhaps you can read more at https://www.owasp.org/index.php/Session_Management_Cheat_SheetCookies
Nimbostratus