cookies are set for a session or given a life and are only accessible by a domain and any subdomains.
simple keyword value pairs (plus domain and time).
any cookies that apply to the domain get sent by the user agent with the HTTP request.
you can check and act on any cookies server side.
then you create a new/modified set of cookies which gets returned with the HTTP response.
cookies are handled by the CGI standard.