Cookies work their magic by expanding the abilities of HTTP, so it's hard to talk about one without first explaining the other. HTTP (hypertext transfer protocol) is a group of standards that cover the way Web pages, graphics, and other data should be transferred across the Net. In other words, it's the rules of the road.
Every server and browser on the Web uses this standard to communicate. A small HTTP header is sent with each transaction, telling the receiving end exactly what it's getting. These headers communicate requests from browsers, as well as server responses. A normal HTTP response header looks something like this:
HTTP/1.0 200 Found
Date: Wed, 30 Oct 1996 23:48:22 GMT
This header (or something like it) is sent with every single file that comes to you through the Web. So why haven't you noticed? Well, the information contained inside a cookie isn't displayed. In fact, a cookie is designed to be invisible to the user. Your browser is smart enough to strip off the information and just give you the page you're looking for.
One of the limitations of HTTP is that it's a "stateless" connection. It works more or less like a vending machine: You push a button, and if everything checks out (i.e., you have correct change), it gives you what you want. The vending machine doesn't know anything about you, except that you ordered a root beer and it served you one. There's not a lot of information going back and forth.
The HTTP cookie is an attempt to make regular HTTP a little smarter by including more information inside the HTTP header. By adding a "Set Cookie: ...." line to the HTTP header, the server can deliver cookie information to your browser. Your Web browser then saves this information and sends it back to the server the next time you visit the same site. Through this system, a kind of "persistent state" can be maintained, even though there's no ongoing communication between your browser and the cookie-setting server.