Cookies are not sent just like that, the browser has to post them, i.e. there has to be some actions from the user's side. The best safeguard against these kinds of attacks is to use NoScript plugin in firefox, I am unsure of any such plugin for Internet Explorer, try googling in case you are a IE user.