When you get the data back, re-hash

Compare received and calculated hashes

list($cookie_id,$cookie_hash) = explode('-',$_COOKIE['id']); if (md5($secret_word.$cookie_id) == $cookie_hash) { $id = $cookie_id; } else { die('Invalid cookie.'); }