Browser cookies are a good way to provide a stateless protocol with some memory. Unfortunately, they're also good for hijacking application sessions and impersonating users. There are a number of attacks that utilize improper use of session cookies. Session hijacking is among the most common and potentially destructive cookie attacks.