I’m trying to decipher the magic behind Yii cookies. Here’s what I’ve gathered so far:
-
The cookie name is some sort of code; looks like an MD5, but of what, I’m not sure.
-
The cookie contents are primarily a serialized array containing the user ID, user name, expiration, and state information.
-
This array string is prefixed by some lengthy hex value. From what I gather, this is a hash of the serialized array its self.
But I have a few questions on this. Primarily, where does that lengthy hex prefix come from, and what does it do? Also, is there any mechanism preventing someone from just copying a cookie from one computer to another?
And on a similar note, I’ve noticed that the YiiSessions table will (quite aggravatingly) be repopulated by cookie data if it is emptied. So, why have a YiiSessions table at all, if it’s not actually being checked for anything?