It is a common misconception that cookies are programs that Web sites put on your hard disk. That they sit on your computer gathering information about you and everything you do on the Internet, and whenever the Web site wants to it can download all of the information the cookie has collected. This is all wrong. Definitions like that are fairly common in the press. The problem is, none of that information is correct.
Cookies are not programs, and they cannot run like programs do. Therefore, they cannot gather any information on their own. Nor can they collect any personal information about you from your machine.

A cookie is a piece of text that a Web server can store on a user's hard disk. Cookies allow a Web site to store information on a user's machine and later retrieve it. The pieces of information are stored as name-value pairs.
For example, a Web site might generate a unique ID number for each visitor and store the ID number on each user's machine using a cookie file.

Most Internet cookies are incredibly simple, but they are one of those things that have taken on a life of their own.
On the other hand, cookies provide capabilities that make the Web much easier to navigate. The designers of almost every major site use them because they provide a better user experience and make it much easier to gather accurate information about the site's visitors.

If you use Microsoft's Internet Explorer to browse the Web, you can see all of the cookies that are stored on your machine. The most common place for them to reside is in a directory called c:\windows\cookies.
Each file is a text file that contains name-value pairs, and there is one file for each Web site that has placed cookies on a machine. You can see in the directory that each of these files is a simple, normal text file. You can see which Web site placed the file on your machine by looking at the file name (the information is also stored inside the file). You can open each file by clicking on it.
For example, having visited goto.com, and the site has placed a cookie on the machine. The cookie file for goto.com contains the following information:

UserID A9A3BECE0563982D www.goto.com/

Note that there probably are several other values stored in the file after the three shown above. That is housekeeping information for the browser.

• session-id-time 954242000 amazon.com/
• session-id 002-4135256-7625846 amazon.com/
• x-main eKQIfwnxuF7qtmX52x6VWAXh@Ih6Uo5H amazon.com/
• ubid-main 077-9263437-9645324 amazon.com/

The vast majority of sites store just one piece of information -- a user ID -- on your machine. But a site can store many name-value pairs if it wants to. A name-value pair is simply a named piece of data. It is not a program, and it cannot "do" anything.
A Web site can retrieve only the information that it has placed on your machine. It cannot retrieve information from other cookie files, nor any other information from your machine.

The Web site stores the data, and later it receives it back. A Web site can only receive the data it has stored on your machine. It cannot look at any other cookie, nor anything else on your machine. The data moves in the following manner:
If you type the URL of a Web site into your browser, your browser sends a request to the Web site for the page. For example, if you type the URL http://www.amazon.com into your browser, your browser will contact Amazon's server and request its home page.
When the browser does this, it will look on your machine for a cookie file that Amazon has set. If it finds an Amazon cookie file, your browser will send all of the name-value pairs in the file to Amazon's server along with the URL. If it finds no cookie file, it will send no cookie data.

Amazon's Web server receives the cookie data and the request for a page. If name-value pairs are received, Amazon can use them. If no name-value pairs are received, Amazon knows that you have not visited before. The server creates a new ID for you in Amazon's database and then sends name-value pairs to your machine in the header for the Web page it sends. Your machine stores the name-value pairs on your hard disk. The Web server can change name-value pairs or add new pairs whenever you visit the site and request a page.

There are other pieces of information that the server can send with the name-value pair. One of these is an expiration date. Another is a path (so that the site can associate different cookie values with different parts of the site).

You have control over this process. You can set an option in your browser so that the browser informs you every time a site sends name-value pairs to you. You can then accept or deny the values.