by Tinned_Tuna 4140 days ago
Yea... this has been around for years.

JSP and ASP.NET have allowed for this kind of shenanigans in their "view state" (albeit, security is a configuration option away...) mechanism. It's not hard to extend it out to things flying back and forth to the user.

As for usability, these sorts of things should be wrapped up in a nice container class; HMAC taken care of, and (probably) a key-value API presented. No fuss, no muss.

If there's no such library, creating one could definitely pose a security risk to any project without sufficient expertise, as this post appears to be endorsing.

Find an existing, tested, reviewed implementation that provides the API you need, and stick with it.
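
A sketch of the container class the comment above describes, added here as an illustration and not part of the original comment or of any library it refers to: a key-value object whose serialized form carries an HMAC-SHA256 tag that is checked before the payload is parsed. The class name `SignedState`, its methods and the `payload.tag` token layout are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import json


class SignedState:
    """Key-value state held by the client; an HMAC-SHA256 tag detects tampering."""

    def __init__(self, key: bytes, data=None):
        if len(key) < 32:
            raise ValueError("key must be at least 32 bytes")
        self._key = key
        self._data = dict(data or {})

    def __getitem__(self, name):
        return self._data[name]

    def __setitem__(self, name, value):
        self._data[name] = value

    def _mac(self, payload: bytes) -> bytes:
        return hmac.new(self._key, payload, hashlib.sha256).digest()

    def dumps(self) -> str:
        """Serialize to 'base64(payload).base64(tag)' for a cookie or hidden field."""
        payload = json.dumps(self._data, sort_keys=True, separators=(",", ":")).encode()
        b64 = base64.urlsafe_b64encode
        return b64(payload).decode() + "." + b64(self._mac(payload)).decode()

    @classmethod
    def loads(cls, key: bytes, token: str) -> "SignedState":
        try:
            payload_b64, tag_b64 = token.split(".")
            payload = base64.urlsafe_b64decode(payload_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except ValueError:  # wrong part count or invalid base64
            raise ValueError("malformed token") from None
        state = cls(key)
        # Verify first, in constant time, so untrusted bytes never reach the JSON parser.
        if not hmac.compare_digest(tag, state._mac(payload)):
            raise ValueError("bad signature")
        state._data = json.loads(payload)
        return state
```

The token is signed, not encrypted, so the client can still read every value in it, and nothing in this sketch expires a token or prevents an old one from being replayed.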