Cookies are small pieces of data that store information about your visit to a site. They uniquely identify your session so that things you put in your shopping basket remain there when you switch pages. They also remember that you’re logged in already among many other things the site would like to remember about you.

They are stored on your computer and remain there until they expire, or you delete them.

When you visit a web site, the web server can ask your computer to store a short bit of text on your computer and to send it back the next time you visit.

The original idea was that this: Say it’s an online shopping site, it might ask your browser to store “customer: 12842”, where that is your customer account number. The next time you come back, your web browser will tell the server “By the way, last time you asked me to store ‘customer: 12842′” and the server will know it’s you and can greet your with your name, and your half-filled shopping cart.

In principle, any cookie information is only given back to the same server that put it there.

Now, for the catch: Say, there is a little “Facebook” button at the bottom of some news web site. To display the button, your browser sends a request to the Facebook web server to ask for the image with the Facebook button and logo. In doing so, your browser tells Facebook which site it is one and also transmits any cookie that Facebook may have put on your browser previously, and these cookies may contain your Facebook account number. So, now Facebook can connect and knows that you (as identified by your Facebook account name in the cookie) are interested in the topics of this news site (as identified by the address of the web site that contained the Facebook button) and Facebook uses this to tailor advertisement for you. Facebook, of course, has buttons on many pages of many news sites from many different news publishers, so they will get a good idea what kind of news you like to read.

So, the advertiser follows you around, collecting information on what sites you visit. You might not like that, and this is why the site is legally required to inform you about that.

What the others here have missed to mention is, that HTTP is *stateless*. If you ask a website for a page, it will deliver to you the HTML markup and then it’s done with you. The server doesn’t remember you or what requests you may have done in the past.

That’s not good if you want to have a feature like a user login: You would need to send your username and password for every request you make, so the server can show you the correct content.

Therefore, after you send the server your username and password, the server creates some random string and sends it do you in the header part of the HTTP message. Now your browser sends that random string – the cookie – back to the server on every following request. The server can use that to look up who you are and modifies the answer to show different content.

ELI5 answer:

​

Cookies are a way for websites to remember you. It means they send your computer some information about what you did on the website. Perhaps if it’s a shopping site and you added a camera to your shopping cart, the website might send you a cookie with the name of the camera.

Now the next time you visit that website, your computer sends back the cookie to the website. Now the website says “Oh yeah I remember you! You put this camera in your shopping cart last time, so I’ll put it in for you this time.” Now you can continue shopping right where you left off.

It’s kind of like a save file in a video game. When you come back to the website, you can load your old “progress” because the website has a way to remember you.