People using scripts/bots or whatever to falsify the counter will likely not be storing cookie data or passing along a session cookie. You could throttle the clicks by IP, even to something relatively small like 1 click per second.
In the end, whatever a normal user can do in a browser can be scripted - the web server won't know the difference. If it's really a huge problem, you could put a captcha image on there but that seems like more hassle for the regular visitor than anything else.