In the organization that I work for, there was a serious debate about the following.
There is a POJO with 6 different properties, all of type String. These values need to be persisted as cookies so that they can be picked back up when someone does a booking on the site. The values in the POJO signify the referrer who drove the customer to the site. Before shoving it into the cookies, it is converted into JSON format and stored in the cookie. On retrieval, it is read back and deserialized into a POJO. I don't see any big issue with this, but others seem to be against it, and this being a quick managerial meeting, I could not ask why they think it is bad. Is this really bad, and if so, why?
There are checks to make sure it is a valid value, and it is Base64 encoded before being stored in the cookie. So from a security perspective, there are no concerns as such even if someone hacks.
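
The round trip described in the question, as an added example that is not part of the original post: the six field names, the size bound and the allow-list pattern are hypothetical, and Jackson is assumed as the JSON library. Base64 can be decoded and re-encoded by whoever holds the browser, so the read path treats the cookie as untrusted input and re-validates every field.

```java
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Optional;
import java.util.regex.Pattern;

public class ReferrerCookieCodec {
    // Hypothetical POJO: the post only says "6 properties, all Strings".
    public static class Referrer {
        public String source, medium, campaign, partnerId, channel, landingPage;
        List<String> values() { return Arrays.asList(source, medium, campaign, partnerId, channel, landingPage); }
    }

    private static final int MAX_COOKIE_CHARS = 2048;                              // assumed bound
    private static final Pattern SAFE = Pattern.compile("[A-Za-z0-9._/-]{1,64}");  // assumed allow-list
    private static final ObjectMapper MAPPER = new ObjectMapper()
            .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, true);   // reject extra JSON keys

    public static String encode(Referrer r) throws Exception {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(MAPPER.writeValueAsBytes(r));
    }

    // The value comes back from the client, so it is validated again here:
    // size, Base64 syntax, JSON shape bound to one concrete class, then each field.
    public static Optional<Referrer> decode(String cookieValue) {
        if (cookieValue == null || cookieValue.length() > MAX_COOKIE_CHARS) return Optional.empty();
        try {
            Referrer r = MAPPER.readValue(Base64.getUrlDecoder().decode(cookieValue), Referrer.class);
            if (r == null) return Optional.empty();          // cookie held the JSON literal null
            for (String v : r.values()) {
                if (v == null || !SAFE.matcher(v).matches()) return Optional.empty();
            }
            return Optional.of(r);
        } catch (Exception e) {                              // bad Base64 or malformed/unexpected JSON
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws Exception {
        Referrer r = new Referrer();                         // constructed sample values
        r.source = "partner-site"; r.medium = "email"; r.campaign = "spring";
        r.partnerId = "p-1001"; r.channel = "affiliate"; r.landingPage = "/offers";
        String cookie = encode(r);
        System.out.println("valid cookie accepted: " + decode(cookie).isPresent());
        r.campaign = "not allowed;";                         // value outside the allow-list
        System.out.println("edited cookie accepted: " + decode(encode(r)).isPresent());
    }
}
```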