Storing a Cookie on the browser's computer

Once a browser receives a Set-Cookie instructions it immediately decides what to do with it. It essentially has 4 choices:
  1. Reject the request. Don't store the cookie and never return the reminder on subsequent requests.
  2. Accept the request, but limit the life span of the cookie not to what is asked for in the specific request but rather only to the length of the browser session. This is essentially turning a "persistent" cookie into a "session" cookie.
  3. Accept the request, but limit the circumstances under which the cookie is returned to first party context (see later description).
  4. Fully accept the request
Where and how the cookie is actually stored depends not only on the browser but the browser version. Session cookies are in fact typically never committed to persistent storage on the computer's hard drive. Persistent cookies are usually written in some way to the hard drive. Persistent cookies are typically stored in some in accordance with the rules set forth by the browser. Note that the cookie doesn't get to decide where it is stored. That is completely dictated by the browser.

It is very much worth noting that cookies actually store exceedingly small amounts of data. zip=90210 represents 9 bytes of data. By comparison music is usually stored at around 963062 bytes per minute, meaning one 3 minute song at 2,889,186 would represent about 321,000 name values pairs like zip=90210. Note this is NOT a perfectly accurate comparison, but it conveys the basic message that cookies aren't eating up your hard drive.

Additionally cookies are merely data which is accessed by your web browser. They are not code which operates on its own. They interact only with your browser and not the underlying operating system. They do not *slow computer performance, cause pop-ups or any other such nonsense.

*To be 100% technically correct it is fair to mention that if too many cookies of large size are stored and replayed with requests to a website/service it could in effect slow that connection by creating a larger request. This is really a bit pedantic and as a practical matter not really a consideration for those not on 14.4k modems (circa 1992).