I receive cookies that were not set by my server.
As I often receive cyber attacks I will abort any requested page which contains any GET, POST or COOKIE data with variables I don't use and with any data that contains characters I would not use and if the string length of the variable is outside limits I set.
I'm worried some of my client base are not able to use the site due to this cookie issue. By looking at the User Agent info I see spiders are mostly responcible for my site aborting a requested page.
Does anyone understand this behaviour and perhaps know the point of sending cookies unknown to a server?