After some further investigation, I found that the twitch cookies were a result of embedding twitch into my application.
From Validating Tokens | Twitch Developers again:
WARNING Twitch periodically conducts audits to discover applications that are not validating access tokens hourly as required. If your app shows up in an audit, Twitch will reach out to you to resolve the issue. If the issue is not resolved, Twitch reserves the right to take punitive action, such as revoking the developer’s API key or throttling the application’s performance.
Based on this warning, it seems like any application not in compliance would get a warning, and though of course I could follow’s Twitch’s specific recommendations/fixes after that happens, I might accidentally miss the warning email/message from Twitch. I am trying to implement the hourly validate calls, but I am having issues figuring out which users’ keys need validation as I am not sure what constitutes a user being in an OAuth session.