A web server will present a client with a cookie to store.  Then, each time the client visits that server; it will include the cookie in the HTTP request. That way, the server knows that it’s talking to the same client as before. Knowing the identity of this client can unfortunately be security vulnerability. Cookies are stored and associated with a single machine and browser, unless you use something like Google Sync to synchronize cookies on multiple machines

  There are three basic types of cookies Session cookie – a cookie that is deleted when the browser closes, Persistent cookie – a cookie that isn’t deleted when the browser closes, often implemented by allowing the user to check a “remember me” checkbox to change a session cookie to a persistent one and Tracking cookie, or third-party cookie – Cookies can be used by advertisers to track a user’s clicks on the web. In particular, a server can determine that someone who visited Site A also visited Site B.

    The basic Cookie main purpose is to help remember or associate a web site visit to a particular machine in a web-server, which it usually is a stateless. In short, Cookies allow web servers to associate information with a particular user. 

Generally speaking cookie technology has four components: a cookie Header line in the HTTP response message (S2: server to client); a cookie header line in the HTTP Request message (S1: client to server); a cookie file kept on the user’s end system and managed by the user’s browser; and a back-end database at the Web site.