Chinese traffic with disallowed key characters
#1

[eluser]Unknown[/eluser]
I have a reoccurring issue where non-malicious users from China get flagged for disallowed key characters in the $_COOKIE array. I have narrowed it down to a cookie that follows this format:

1383227545|8554573|60519|0|0|0=1383227545|8554573|60519|0|0|0 (cookie name = cookie value)

My question is not why (for those that don't know, the disallowed character is the pipe '|') but what...what is that cookie? It only appears occasionally with Chinese users, specifically around Hong Kong, and it seems to happen mostly with SSL pages. Is this some sort of tracking cookie for the Chinese government? It looks an awful lot like a UTM cookie value.

I know that I can add the pipe as an allowed character, as the character by itself doesn't pose any security issues, but I'm mostly curious about the implications of allowing such a cookie, or if I am completely off-base with my assumptions about the cookie itself (I've looked all over the webz and can't find anything about pipe-delimited Chinese tracking cookies).

Any help is already appreciated!
#2

[eluser]InsiteFX[/eluser]
The only cookies you should be seeing are the ones you create and the session cookie.

On my apps I end up having 3 cookies at the most.

1) Database session cookie
2) User login cookie
3) User Remember Me cookie

Any other cookies should be voided if you did not create them or CI created the session cookie.

You may also get a CSRF cookie from your forms if you set it up for it.
#3

[eluser]Unknown[/eluser]
I totally agree. I'm just curious of where this cookie is coming from. We're not creating it, and it only appears for random Chinese users...some of which are even validated via SSO. My sneaky suspicion is that it's a Chinese traffic tracking cookie.

I'm surprised it seems no one else has run into this same issue...possibly because we altered the core system input class to alert us via email when a detection occurs, so maybe others just don't know.

What would help me is if someone can identify that cookie, as well as help me evaluate if adding the pipe to the allowed characters list would be harmful. I know it's a command separator and that's typically why they aren't included. Furthermore, I know that this only really matters if the data possibly runs through an eval/system-like function, which our cookie data does not.

If the cookie can be confirmed as nothing more than a tracking cookie and that the pipe by itself doesn't pose a threat, then I'll just add the character because this is a recurring issue with paying clients we have in China.

Thanks again for the help and your reply InsiteFX!
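
One way to follow the advice in reply #2 without widening the allowed key characters, as an added example that is not part of the original thread or CodeIgniter's own code: drop any cookie the application did not set before key validation runs, and log it instead of aborting the request. The cookie names, the key pattern and the function name `filter_cookies` are assumptions made for illustration.

```php
<?php
// Added example, not CodeIgniter code. Names and the key pattern are assumptions.

// Cookie names the application itself sets (hypothetical names).
const EXPECTED_COOKIES = ['ci_session', 'user_login', 'remember_me', 'csrf_cookie_name'];

// Assumed key pattern: letters, digits, colon, underscore, slash, dash.
const KEY_PATTERN = '/^[a-z0-9:_\/-]+$/i';

/**
 * Split a cookie array into cookies to keep and cookies to drop.
 * Returns ['kept' => [name => value], 'dropped' => [name => reason]].
 */
function filter_cookies(array $cookies, array $expected = EXPECTED_COOKIES): array
{
    $kept = [];
    $dropped = [];
    foreach ($cookies as $name => $value) {
        $name = (string) $name; // PHP turns purely numeric keys into integers
        if (!in_array($name, $expected, true)) {
            $dropped[$name] = 'not set by this application';
        } elseif (!preg_match(KEY_PATTERN, $name)) {
            // Defence in depth in case the allowlist itself contains a bad name.
            $dropped[$name] = 'disallowed key characters';
        } else {
            $kept[$name] = $value;
        }
    }
    return ['kept' => $kept, 'dropped' => $dropped];
}

// Constructed sample: a session cookie plus the pipe-delimited cookie from the thread.
$sample = [
    'ci_session' => 'constructed-session-value',
    '1383227545|8554573|60519|0|0|0' => '1383227545|8554573|60519|0|0|0',
];

$result = filter_cookies($sample);
foreach ($result['dropped'] as $name => $reason) {
    // Escape control characters so a hostile cookie name cannot forge log lines.
    error_log(sprintf('dropped cookie %s (%s)', addcslashes($name, "\0..\37\177"), $reason));
}
print_r(array_keys($result['kept'])); // only the expected cookie names remain
```

With this approach the unknown cookie never reaches application code, so the request succeeds for the affected users while the pipe stays out of the allowed key characters.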



