This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
Firstly there are two types, persistent and session cookies. The persistent type get written to the filesystem, the session ones get destroyed when you close the browser.
It is poor form to use them as a type of persistence though. Firstly they can be blocked by many browsers or deleted by users, so you can't rely on them. They are also accessible by the user, so the user can read the data and potentially change it.
Consider a simple case where someone logs into your system and to prevent them having to log in again, you write their user ID to their local file system as a cookie. By changing the cookie value, the user now has the ability to log in as anyone they like.