Cookies are usually small text files, given ID tags that are stored on your computer's browser directory or program data subfolders. Cookies are created when you use your browser to visit a website that uses Cookies to keep track of your movements within the site, help you resume where you left off, remember your registered login, theme selection, preferences, and other customisation functions. The website stores a corresponding file (with same ID tag) to the one they set in your browser, and in this file, they can track and keep information on your movements within the site and any information you may have voluntarily given while visiting the website; such as an email address.
Cookies are often indispensable for websites that have huge databases, need logins, have customisable themes or other advanced features.
Cookies usually don't contain much information except for the URL of the website that created the Cookie, the duration of the Cookie's abilities and effects, and a random number. Due to the little amount of information a Cookie contains, it usually cannot be used to reveal your identity or personally identifying information.
Website servers set Cookies to help authenticate the user, if the user logs in to a secure area of the website. Login information is stored in a Cookie so the user can enter and leave the website without having to re-enter the same authentication information over and over.
Session Cookies are also used by the server to store information about user page activities so users can easily pick up where they left off on the server's pages. By default, web pages really don't have any 'memory'. Cookies tell the server what pages to show the user so the user doesn't have to remember or start navigating the site all over again. Cookies act as a sort of “bookmark” within the site.
Cookies are NOT viruses. Cookies use a plain text format. They are not compiled pieces of code so they cannot be executed nor are they self-executing. Accordingly, they cannot make copies of themselves and spread to other networks to execute and replicate again. Since they cannot perform these functions, they fall outside the standard virus definition.
AllAboutCookies.org - http://www.allaboutcookies.org