I want to know how secure a cookie is and if it can be read by other applications other than the one that set it.
I want to set a cookie that will store some sensitive data for my site to read at any time.
Can other applications read cookies that my application sets? If so, do I need to encrypt the data stored in the cookie?
NOTE: I do not have access to SSL.
EDIT: The info I want to store is user details. I am creating a white label website. On the request of a specific url (e.g http://www.mysite.com/joebloggs) I want user data about Joe Bloggs to be stored on the client machine. When the client returns to http://www.mysite.com I want the data on Joe Bloggs to be read from the cookie so I can track it.
If you can avoid to include sensitive data in cookies, that would be best. Since as was said in another answer, anything on the user’s computer can always be compromised.
However, if you DO need to, you should always encrypt the data. Default encryption on Forms Authentication cookies is through DPAPI which uses the user context running the web app and the machine key, so it would not be best suited for load balanced environments.
In that case, you should go for encryption through digital certificates (RSA, for example).
For cookies you manage yourself you’d have to use the Crypto API, or some wrapper or utility classes, such as this one.
For Forms Authentication cookie, there is the protection settings which let you configure the encryption mechanism.