Automatic and robust client-side protection for cookie-based sessions