爬虫与 cookie 简单认证，很奇怪为啥不通过？

请求拿到验证 js -> 带上 cookie 再次请求 -> 依旧返回 js cookie 认证

每次请求下面代码发给我的 cookie 值都不一样，无法通过匹配。(爬虫请求)

但为啥 js 的 reload()就可以通过 substr($_COOKIE['sec_defend'], 0, 32)!==substr($iptoken, 0, 32))

$iptoken 不是时时刻刻都在变化吗?

求科普，下面是认证的服务端代码。

function cc_defender(){
    $iptoken = md5(x_real_ip() . date('Ymd')) . md5(time() . rand(11111, 99999));
    if ((!isset($_COOKIE['sec_defend']) || substr($_COOKIE['sec_defend'], 0, 32)!==substr($iptoken, 0, 32))) {
        if (!$_COOKIE['sec_defend_time']) {
            $_COOKIE['sec_defend_time'] = 0;
        }
        $sec_defend_time = $_COOKIE['sec_defend_time'] + 1;
        include_once(SYSTEM_ROOT . 'hieroglyphy.class.php');
        $x = new hieroglyphy();
        $setCookie = $x->hieroglyphyString($iptoken);
        header('Content-type:text/html;charset=utf-8');
        if ($sec_defend_time >= 10) {
            exit('浏览器不支持 COOKIE 或者不正常访问！');
        }
        echo '<html><head><meta http-equiv="pragma" content="no-cache"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="content-type" content="text/html;charset=utf-8"><title>正在加载中</title><script>function setCookie(name,value){var exp = new Date();exp.setTime(exp.getTime() + 60*60*1000);document.cookie = name + "="+ escape (value).replace(/\+/g, \'%2B\') + ";expires=" + exp.toGMTString() + ";path=/";}function getCookie(name){var arr,reg=new RegExp("(^| )"+name+"=([^;]*)(;|$)");if(arr=document.cookie.match(reg))return unescape(arr[2]);else return null;}var sec_defend_time=getCookie(\'sec_defend_time\')||0;sec_defend_time++;setCookie(\'sec_defend\',' . $setCookie . ');setCookie(\'sec_defend_time\',sec_defend_time);if(sec_defend_time>1)window.location.href="./index.php";else window.location.reload();</script></head><body></body></html>';
        exit(0);
    } elseif (isset($_COOKIE['sec_defend_time'])) {
        setcookie('sec_defend_time', '', time() - 604800, '/');
    }
}