mcrypt_decrypt does not remove trailing padding

It took me 2 solid hours to figure out why two visually identical strings would produce totally different checksums.

After examining the byte output of mcrypt_decrypt, I found there are tons of trailing nulls behind the decrypted string. The reason why I could not visually differentiate between a string with trailing nulls ($A) and the one without ($B) is because the echo command and string concatenating commands seem to discard the nulls altogether.

However, byte-level comparators like $A === $B and strcmp($A, $B) would produce negative results because they treat trailing nulls as valid data. To remove the trailing nulls caused by cryptographic padding, we simply trim them: rtrim($A, "\0"), such that rtrim($A, "\0") == $B.
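Added example (not the post's code): mcrypt fills the last block with NUL bytes, and the snippet below reproduces that with openssl_encrypt, then goes beyond the post by showing PKCS#7 padding, which round-trips plaintext ending in real NUL bytes where rtrim would truncate it. Helper names, the key and the sample plaintexts are constructed for illustration.

```php
<?php
const BLOCK = 16; // AES block size in bytes

// What mcrypt did: fill the last block with NUL bytes (nothing added if already aligned).
function zero_pad(string $s): string {
    return $s . str_repeat("\0", (BLOCK - strlen($s) % BLOCK) % BLOCK);
}

// PKCS#7: always append N bytes of value N (1..BLOCK), so the original length is recoverable.
function pkcs7_pad(string $s): string {
    $n = BLOCK - strlen($s) % BLOCK;
    return $s . str_repeat(chr($n), $n);
}

function pkcs7_unpad(string $s): string {
    $len = strlen($s);
    if ($len === 0 || $len % BLOCK !== 0) {
        throw new RuntimeException('bad length');
    }
    $n = ord($s[$len - 1]);
    if ($n < 1 || $n > BLOCK || substr($s, -$n) !== str_repeat(chr($n), $n)) {
        throw new RuntimeException('bad padding');
    }
    return substr($s, 0, $len - $n);
}

// AES-128-CBC with OpenSSL's own padding disabled, so only our padding is in play.
function roundtrip(string $padded, string $key, string $iv): string {
    $flags = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING;
    $ct = openssl_encrypt($padded, 'aes-128-cbc', $key, $flags, $iv);
    return openssl_decrypt($ct, 'aes-128-cbc', $key, $flags, $iv);
}

$key  = random_bytes(16);      // constructed key and IV
$iv   = random_bytes(16);
$text = 'user=alice';          // constructed text plaintext
$bin  = "\x01\x02\x00\x00";    // constructed binary plaintext ending in real NULs

$a = roundtrip(zero_pad($text), $key, $iv);
var_dump(bin2hex($a));                    // hex view makes the padding bytes visible
var_dump(md5($a) === md5($text));         // checksum of padded vs. original string
var_dump(rtrim($a, "\0") === $text);      // the post's fix applied to text

$b = roundtrip(zero_pad($bin), $key, $iv);
var_dump(rtrim($b, "\0") === $bin);       // the same fix applied to binary data
var_dump(pkcs7_unpad(roundtrip(pkcs7_pad($bin), $key, $iv)) === $bin);
```

Dumping with bin2hex (or strlen) is the quick check when two strings look identical on screen but hash differently.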

Persistent Cookies Across Subdomains

One of the most common problems encountered by novice PHP users is that cookies do not seem to persist across subdomains when set with the normal approach found in many website examples.

The solution is simple. The full signature of PHP's setcookie function is as follows:

bool setcookie ( string $name [, string $value [, int $expire [, string $path [, string $domain [, bool $secure [, bool $httponly ]]]]]] )

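The trick is to set the value of $domain, something almost all self-help tutorials omit.

For example, to make a particular cookie accessible on all subdomains under bitsofbytes.org, we set $domain = ".bitsofbytes.org". The browser then sends the cookie to every host under that domain, so any subdomain can read it; for session cookies, also set $secure and $httponly.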

Simple as that!