Content delivery network (CDN) edge server-based bot detection with session cookie support handling

What is claimed is as follows: 1. Apparatus, comprising: a hardware processor; and computer memory holding computer program instructions executed by the hardware processor, the computer program instructions comprising program code configured to: upon initiation of a session between a client and a site protected by a detection service, renew and provide the requesting client a first cookie, and initialize and provide the client a second cookie, the first cookie configured to identify a user associated with the client and to selectively throttle data collection at the client, and the second cookie configured to identify the session, the first and second cookies being different from one another; as a page that includes a reference to an endpoint is returned to the client, inject into the page a reference to a data collection script, the script configured to record one or more interactions at the client, to collect sensor data about the interactions, and to send the collected sensor data; receive and forward collected sensor data to the detection service; responsive to intercepting a request for the endpoint, determine whether the first and second cookies are present in the request; when the first and second cookies are present and valid, issue a query to the detection service to obtain a threat score associated with the client, the threat score based at least in part on the collected sensor data; and determine based at least in part on the threat score received from the bot detection service whether the request for the endpoint should be forwarded onward for handling. 2. The apparatus as described in claim 1 wherein, relative to the second cookie, the first cookie has a longer time-to-live (TTL). 3. The apparatus as described in claim 1 , wherein the first cookie remains valid for a given time period following expiration of the session, wherein the second cookie expires upon expiration of the session. 4. The apparatus as described in claim 3 , wherein the program code is further configured to selectively reset the second cookie after the session expires. 5. The apparatus as described in claim 4 , wherein the request for the endpoint is received after the second cookie has expired but while the first cookie remains unexpired. 6. The apparatus as described in claim 5 , wherein the program code is further configured to set the second cookie to a new value, and wherein the first cookie has a value that is associated to the new value. 7. The apparatus as described in claim 1 , wherein the program code is configured to forward the collected sensor data to the detection service continuously as the collected sensor data is received. 8. The apparatus as described in claim 7 , wherein the first cookie includes a value that, when set, signals the requesting client to cease forwarding collected sensor data after a given number of posts of such collected sensor data have been made by the requesting client. 9. The apparatus as described in claim 1 , wherein the second cookie comprises a field storing a unique identifier identifying the session, a field storing a domain for which the second cookie is set, and a field that holds the threat score returned by the detection service. 10. The apparatus as described in claim 1 , wherein the detection service is a bot detection service.