Which term describes modifying cookies to gain unauthorized access or manipulate user sessions?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

Which term describes modifying cookies to gain unauthorized access or manipulate user sessions?

Explanation:
Cookie tampering is when an attacker edits cookie data on the client side to change what the server thinks the user can do or who the user is. Cookies often carry a session identifier or user metadata. If the server trusts the cookie value without checking it on the server, changing that value can let someone impersonate another user or access unauthorized parts of the site. This happens when session information or permissions are stored in the cookie itself or when the server relies on the cookie without verifying its integrity.

To defend against this, cookies should be protected with integrity and confidentiality measures: store critical session data on the server side, sign or encrypt cookie contents (often with an HMAC or similar mechanism), and regenerate session IDs on login. Use HttpOnly and Secure flags, and apply proper server-side validation to ensure the session truly matches the authenticated user. This makes it much harder for an attacker to tamper with cookies to gain access.

The other options don’t describe this scenario. XSS Reflection relates to injecting scripts that reflect user input, not modifying cookies to hijack sessions. Open Vulnerability Assessment Service isn’t a standard term for this concept, and tcptraceroute is a network diagnostic tool, not related to session manipulation.