Cookie content and security?

I’m trying to decipher the magic behind Yii cookies. Here’s what I’ve gathered so far:

  • The cookie name is some sort of code; looks like an MD5, but of what, I’m not sure.

  • The cookie contents are primarily a serialized array containing the user ID, user name, expiration, and state information.

  • This array string is prefixed by some lengthy hex value. From what I gather, this is a hash of the serialized array its self.

But I have a few questions on this. Primarily, where does that lengthy hex prefix come from, and what does it do? Also, is there any mechanism preventing someone from just copying a cookie from one computer to another?

And on a similar note, I’ve noticed that the YiiSessions table will (quite aggravatingly) be repopulated by cookie data if it is emptied. So, why have a YiiSessions table at all, if it’s not actually being checked for anything?

I’ve gotta bump this; it may not be urgent, but it is quite important.