There is a law on cookies, they are legal if they are only readable by the server. All that means is that the encryption has to be atleast decent because companies would want to stay out of lawsuits. I doubt there are scripts to insert a cookie and decrypt a specific cookie, but www.google.com; it's a wild goose chase.