Cookie poisoning is an effort by an unauthorized person to access and control aspects of the data in a cookie, usually in order to steal someone’s identity or financial information. Many different kinds of hacking that focus on taking data from cookies can be called cookie poisoning, including theft of passwords, credit card numbers or other identifiers that are stored in cookie files.
The items inside a cookie that are subject to cookie poisoning are often called parameters. A successful attempt at cookie poisoning correctly identifies the parameters that contain usable information, for example picking out a credit card number from a transaction that also includes items like a session ID, time stamp and other information about purchases.
The general method for securing data against cookie poisoning involves encrypting the requests or transactions. Various services can help clients and end users encrypt the data they send, so that it is no longer readable by those who would use cookie poisoning to access it.
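As an added illustration (not code from the original page), the Node.js sketch below encrypts a cookie's parameters with AES-256-GCM, so the stored value is unreadable and any alteration is rejected when the server opens it. The function names, the demo key and the sample parameters are assumptions constructed for this example; it uses authenticated encryption, which goes one step beyond the plain encryption the text describes.

```javascript
// Added example: seal cookie parameters with AES-256-GCM (Node.js built-in crypto).
const crypto = require('node:crypto');

// Constructed demo key; a real deployment loads a random 32-byte key from a secret store.
const KEY = crypto.createHash('sha256').update('constructed-demo-key').digest();

// Encrypt and authenticate the parameters; returns base64url(iv || tag || ciphertext).
function sealCookie(params, key = KEY) {
  const iv = crypto.randomBytes(12); // fresh nonce for every cookie value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(params), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64url');
}

// Decrypt and verify; returns the parameters, or null if the value is altered or malformed.
function openCookie(value, key = KEY) {
  try {
    const raw = Buffer.from(String(value), 'base64url');
    if (raw.length < 12 + 16) return null; // too short to hold iv + tag
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch {
    return null; // tag check failed: the value was not produced with this key, or was changed
  }
}

// Constructed sample parameters mirroring the ones the text lists (test card number).
const sample = { sessionId: 'demo-session-0001', timestamp: 1700000000, card: '4111111111111111' };

// Test helper: change a single bit of a sealed value to confirm the change is detected.
function flipOneBit(value) {
  const raw = Buffer.from(value, 'base64url');
  raw[raw.length - 1] ^= 0x01;
  return raw.toString('base64url');
}

function demo() {
  const sealed = sealCookie(sample);
  return {
    sealed,                                   // opaque value that would be sent as the cookie
    leaksCard: sealed.includes(sample.card),  // false: the parameter is not visible
    roundTrip: openCookie(sealed),            // original parameters
    tampered: openCookie(flipOneBit(sealed)), // null: altered value is refused
  };
}
console.log(demo());
```

Sending the sealed value only over HTTPS with the `Secure` and `HttpOnly` cookie attributes keeps it from being read in transit or by page scripts.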