A cookie is a small snippet of information used by websites and web applications for user session tracking. Cookies are often unencrypted (though cookie encryption is becoming more prevalent) and contain information created by web servers that is then stored on users’ web browsers. Whenever a user returns to a website that has previously set cookies in the user’s browser, the web server exchanges specific sets of data with the browser, usually to make logging in to a website or application easier, or to return the user to the same section of the web page that was previously being viewed, to name a few examples of cookie functionality.
Cookies can remain persistent until a preset date, or be valid for only one user session until log-out. They can also be deleted by the user for additional privacy and to avoid revealing to one website that a user also visited (or has an account with) another website.
Client-side cookie tampering is a method of tampering with the information stored on a user’s web browser and manipulating it to be used in malicious ways, such as hijacking a user’s session on a website or application. Such tactics can be used to assist in account takeover, impersonation, and fraud. In the context of bot detection, cookies are not considered to be a reliable marker of a visitor’s identity or humanity since they can easily be tampered with on the client side to carry out malicious activities.
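Why a server cannot take a returned cookie at face value is easiest to see from the server's side. The following Python sketch is an added example, not code from the original page: it contrasts a reader that trusts the cookie as sent with one that attaches an HMAC tag when the cookie is issued and rejects any cookie whose tag no longer matches. The key, the `payload.tag` layout and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo key (assumption); a real deployment loads a random secret from server-side config.
SERVER_KEY = b"constructed-demo-key-not-for-production"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")

def issue_cookie(payload: str, key: bytes = SERVER_KEY) -> str:
    """Return 'payload.tag', where tag is an HMAC-SHA256 over the encoded payload."""
    body = _b64(payload.encode("utf-8"))
    tag = hmac.new(key, body.encode("ascii"), hashlib.sha256).digest()
    return f"{body}.{_b64(tag)}"

def read_cookie_naive(cookie: str) -> str:
    """Weak pattern: decode and trust whatever the browser sent back."""
    body = cookie.split(".", 1)[0]
    return base64.urlsafe_b64decode(body).decode("utf-8")

def read_cookie_verified(cookie: str, key: bytes = SERVER_KEY):
    """Return the payload only if the tag matches; None for an altered or malformed cookie."""
    try:
        body, tag_b64 = cookie.split(".", 1)
        sent_tag = base64.urlsafe_b64decode(tag_b64)
        expected = hmac.new(key, body.encode("ascii"), hashlib.sha256).digest()
        # compare_digest is constant-time, so it does not leak how many bytes matched
        if not hmac.compare_digest(sent_tag, expected):
            return None
        return base64.urlsafe_b64decode(body).decode("utf-8")
    except (ValueError, UnicodeError):
        return None

def demo():
    issued = issue_cookie("user=alice;role=user")
    # Constructed sample: the payload is edited in the browser, the original tag is kept.
    edited_body = _b64(b"user=alice;role=admin")
    tampered = edited_body + "." + issued.split(".", 1)[1]
    return issued, tampered
```

An integrity tag only detects modification: a cookie copied unchanged into another browser still verifies, which is one reason cookies alone are not a reliable marker of a visitor's identity.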