It's not a druthers kind of thing. If you need to trust that it hasn't been tampered with you must sign it.
And if you don't care you might as well not add authentication because without signing it's just a fancy CRC - ie, totally replicable by an attacker. As cookies and links are sent over TCP there should be vanishingly few errors in transmission - you're far more likely to introduce false positives with buggy code, and ...
You need to sanity check your inputs anyways. Just do it. This is also how you avoid bugs normally.
You said "sign or sanity check it", as if you can do whichever you want. But in the area suggested they have vast differences and security implications.
How many corrupted web pages do you see because of CRC failure in TCP?
And if you don't care you might as well not add authentication because without signing it's just a fancy CRC - ie, totally replicable by an attacker. As cookies and links are sent over TCP there should be vanishingly few errors in transmission - you're far more likely to introduce false positives with buggy code, and ...
You need to sanity check your inputs anyways. Just do it. This is also how you avoid bugs normally.