By default, these classes use Marshal for serializing and deserializing messages. Unfortunately, the Marshal format is closely associated with Ruby internals and even changes between different interpreters. This makes the resulting message very hard to impossible to unserialize messages generated by these classes in other environments like node.js.
This patch solves this by allowing you to set your own custom serializer and deserializer lambda functions. By default, it still uses Marshal to be backwards compatible.
The use of encryption prevents people from seeing any potentially secret values you've used. It also supports and encrypt_and_sign model to prevent people from tampering with the bits and creating random junk that gets fed to
A motivated coder could use this to add an :encrypt=>true option to the cookie store.