Cookies are generated on the server in response to a client requesting a URL. A CGI (Common Gateway Interface) script is typically used to implement cookies. The CGI script sends a "Set-Cookie" header as part of the HTTP response, as illustrated in the following MouseOver:

The cookie mechanism in a web browser lets you store small pieces of information on the client computer in a reasonably secure manner. In other words, when you need information to persist at the client level while either loading HTML documents or moving from one session to another, the cookie mechanism saves the information on the user's computer. The cookie is commonly used as a means to store the username and password that is entered into a password-protected web site.
The first time you enter this information into a form, the server-side form processing program has the browser write the information back to a cookie on your hard disk (usually after encrypting the password). Rather than bothering you to enter the username and password the next time you access the site, the server searches the cookie data stored for that particular server and extracts the username and password for automatic validation processing behind the scenes. Other applications of the cookie include storing user preferences and information about the user's previous visit to the site. Preferences may include font styles or sizes and whether the user prefers viewing content inside a frameset or not.
A time stamp of the previous visit can allow a coded HTML page to display highlighted images next to content that has changed since the user's last visit, even if you have updated the page several times in the interim. Rather than hard-wiring new flags for your last visit, the scripts highlight what is new for the visitor.

Cookie Header Elements
In the next lesson, you will learn about the functionality that server-side scripts provide.