I want my PHP code to differentiate between cookies created by JavaScript (using document.cookie) and PHP (using setcookie()).
Let us suppose below pseudocode:-
<?php
$X = $_COOKIE['X'];
if($X_COOKIE_IS_SET_BY_PHP)
// ALL IS GOOD
else if($X_COOKIE_IS_SET_BY_JAVASCRIPT)
// SET A COOKIE USING PHP
?>
There is no difference. Cookies are cookies.
The only way (though highly unreliable), is to remember in the session whether you set the cookie from PHP. If not, then it might have been set from JavaScript. But like I said, this is unreliable. The cookie might have been set from PHP in an earlier session, or someone might have manually messed with the cookies.
I think the best way is to use session variables altogether. The session keeps the leading value on the server. If you need the value in JavaScript too, you can set a cookie, or add the value in a small script, but in PHP you never read back the cookie value at all, just use the session value on the server, and to reset the cookie on each request, so the client knows that value too.
Cookie isn't something stored in server side. It's a piece of data stored in the user's computer / browser. When you use setcookie() in PHP, The server sends the cookie with header which the browser stores in the user's computer (and the browser sends it back with next requests). The place that cookie is stored is the same place where document.cookie would store. Hence, after it's stored, we cannot differentiate it whether it was stored by PHP or Javascript, because no information regarding that is recorded.
