phranque - 12:57 am on Dec 14, 2011 (gmt 0)

the user agent (browser) sends with each HTTP request all cookies it has stored that are within the scope of the requested resource.
the cookies are sent as HTTP Request headers.

the server may send a number of Set-Cookie HTTP Response headers as required by the application.
the user-agent may store or ignore these cookies.

you should probably read the IETF RFC on HTTP State Management Mechanism:
http://tools.ietf.org/html/rfc6265 [tools.ietf.org]