What the others here have missed to mention is, that HTTP is *stateless*. If you ask a website for a page, it will deliver to you the HTML markup and then it’s done with you. The server doesn’t remember you or what requests you may have done in the past.

That’s not good if you want to have a feature like a user login: You would need to send your username and password for every request you make, so the server can show you the correct content.

Therefore, after you send the server your username and password, the server creates some random string and sends it do you in the header part of the HTTP message. Now your browser sends that random string – the cookie – back to the server on every following request. The server can use that to look up who you are and modifies the answer to show different content.