Along with token encryption, add signature to token. this is standard way to save token/data from request forging.