When do you initially get assigned your unique http cookies when visiting a website?

I'm asking this in the sense of when creating a gui auth login from a website. Do you get your cookies the moment you visit the website? If so, if you don't visit the website by homepage and go straight to the http://website.com/login.php form, do you initially also get your cookies there if you haven't received them yet?

A: 

The server/application can set cookies whenever your browser makes an HTTP request. In other words, the answer is implementation-dependent.

I would suggest that you take a look at Fiddler (or some other HTTP tracing tool) to better understand the interaction.

jdigital
A: 

There is no correct answer to this. It is an implementation detail that no two websites (using different base code) do the same way. Variables include the implementation system/language (ASP, PHP, Python, Ruby, etc), use of standardized (or custom) libraries, how security-minded the website is, how long ago the website was written, etc.

Most websites will set your session cookie no matter what page you first arrive from. There are many ways to do this but all involve every possible entry point calling common routines in the website's source code for handling sessions, permissions, navigation, logins, etc.

Having said that, I'm sure there are a significant number of websites that do not set any cookies until you do something that needs to be remembered (login, adding a product to a shopping cart, setting a preference, etc).

How you should do it depends on what is important to your website. There is no single answer to this.

jmucchiello
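
As an added example (not code from any of the answers here), this Python standard-library sketch runs one common session routine on every entry point: a first request straight to /login.php gets a Set-Cookie header, a follow-up that replays the cookie gets none, and a client-supplied id the server never issued is replaced. The cookie name `sid`, the 30-minute `Max-Age` and the in-memory `SESSIONS` set are assumptions made for the demo.

```python
import http.client
import secrets
import threading
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS = set()  # session ids this server has issued (constructed demo state)

class Handler(BaseHTTPRequestHandler):
    def ensure_session(self):
        # Common routine for every entry point: reuse a known id, else issue one.
        jar = SimpleCookie(self.headers.get("Cookie", ""))
        sid = jar["sid"].value if "sid" in jar else None
        if sid in SESSIONS:
            return sid, False
        sid = secrets.token_urlsafe(32)  # missing or unknown id is never trusted
        SESSIONS.add(sid)
        return sid, True

    def do_GET(self):
        sid, new = self.ensure_session()
        body = self.path.encode()
        self.send_response(200)
        if new:  # the cookie travels in the response headers, ahead of the body
            self.send_header("Set-Cookie", f"sid={sid}; Path=/; HttpOnly; Max-Age=1800")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def fetch(port, path, cookie=None):  # returns the response's Set-Cookie header or None
    conn = http.client.HTTPConnection("127.0.0.1", port)
    conn.request("GET", path, headers={"Cookie": cookie} if cookie else {})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.getheader("Set-Cookie")

def demo():
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: any free local port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    first = fetch(server.server_port, "/login.php")  # deep link, homepage never visited
    sid = first.split(";")[0]  # "sid=<value>", what a browser would send back
    second = fetch(server.server_port, "/", cookie=sid)
    forged = fetch(server.server_port, "/", cookie="sid=guessme")
    server.shutdown()
    server.server_close()
    return first, second, forged

if __name__ == "__main__":
    print(demo())
```
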
A: 

Here's the official standard for cookies and their behaviors:

http://www.ietf.org/rfc/rfc2965.txt

Most browsers will try to conform to this standard as closely as possible, but note that it is up to the implementer. If there are bugs, then of course the behavior is different.

I think the thing you're looking for is that cookies are passed in with the request as long as the domains or URI are the same.

As someone else alluded to, cookies can be manipulated and are inherently insecure. Don't use them as a way for security. You can keep track that they've been logged in successfully with them, but you should put an expiration date on that fact.

Tommy Hui
+1  A: 

On load of the first page that sets a cookie.

It will be sent along with the content of that page, in the HTTP header.

In PHP:

You can set a cookie any time before sending output to the browser.

You can read it (via $_COOKIE) any time after setting it, including in the same page load.

Just remember that if you read it in the same page load where you set it, you are reading it from the current process, and not from the client's cookie, which won't have been sent yet.

Eli