Multiple cookies of a client device are used to form an identifier of the client device such that a change in one or even several browser cookies does not defeat proper device recognition. The cookies are included in the identifier such that individual cookies can be parsed for separate comparison with corresponding cookies of known devices. However, to protect privacy of all devices, individual parameters of the constituent cookies are represented with irreversible hashes of the respective parameters. Recognition involves quantification of a degree of correlation between the cookies and corresponding cookies of each of the known devices. To quantify the degree of correlation, the observed stability and uniqueness of each cookie, and each cookie attribute, is considered.