The second line is not actually manually setting the cookie, it's manually assigning a value to an element in the $_COOKIE array so that you can refer to it later in the script. I wouldn't say this approach is less secure necessarily, but it's a bit of an artificial workaround (by that I mean it allows you to refer to a $_COOKIE variable before it should have a value).