Cookie poisoning is a technique known mainly for achieving impersonation and breach of privacy through manipulation of session cookies that maintain the identity of the client (or end user).
You tell Domino your identity by appending a session cookie to the request headers.
When a user authenticates for the first time, the PHP application, after retrieving the session cookie, asks this agent for the location of the user's mail file.
By including a session cookie, the Domino server thinks that your script is actually a human user who recently logged in and is now accessing the database.