Cookie poisoning is a process in which an unauthorized person changes the content in a user's cookie file. The intent of cookie poisoning is to gain access to sensitive information that may be stored in the cookie or on the server for the website the user is browsing.
A typical attack begins by obtaining the parameters stored in the user's cookie. The cookie may store information such as a session identifier, user ID, pricing information, user preferences, expiration, and more. By changing the value of one or more of these parameters, an attacker can gain access to a website that relies on the cookie as a form of authentication.
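The following added example (not part of the original page) shows, from the server's side, why a site that trusts cookie parameters as sent is exposed to the changes described above, and how an integrity tag lets it reject them. The cookie layout (a JSON payload plus an HMAC-SHA256 tag), the key, the function names and the sample values are all assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; a real deployment loads a random secret from configuration.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_cookie(params: dict) -> str:
    """Serialize the parameters and append an HMAC-SHA256 tag over them."""
    payload = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def read_cookie_trusting(cookie: str) -> dict:
    """Weak pattern: decode the payload and believe whatever the client sent."""
    payload_b64 = cookie.split(".", 1)[0]
    return json.loads(base64.urlsafe_b64decode(payload_b64))


def read_cookie_verified(cookie: str):
    """Return the parameters only if the tag matches; None means tampered or malformed."""
    try:
        payload_b64, tag_b64 = cookie.split(".", 1)
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(payload)


def with_changed_value(cookie: str, key: str, value) -> str:
    """Test fixture: rewrite one parameter as a client could, keeping the old tag."""
    params = read_cookie_trusting(cookie)
    params[key] = value
    payload = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    return _b64(payload) + "." + cookie.split(".", 1)[1]
```

The tag only detects modification; the parameters remain readable by the client, so values that must stay confidential or authoritative (such as pricing) are better kept on the server and looked up by session identifier.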