"Cookies" are an HTTP technology, more protocol than programming language. See http://en.wikipedia.org/wiki/HTTP_cookie for the gory details. Cookies live in the exchange between server & browser, tokens passed back and forth with each request & response. They only support textual data. Data in Cookies is exposed with each request & response, so it is a very bad place to store sensitive information.
Within Servlets & JSP, we use HttpSession, which encapsulates the low-end details of working with the Cookie. When using an HttpSession, only a unique identifier is passed back and forth in the Cookie, and session attributes (which can be any java object) are stored in memory by the server. These attributes are never sent with the request & response (unless you write your program to do so), so it's more secure than data in a Cookie.
Generally in Servlets & JSP, there is no need to deal directly with the Cookie. The exception is when you need to exchange simple, non-sensitive data with another web application.
In preparing for battle I have always found that plans are useless, but planning is indispensable. -- Dwight D. Eisenhower