As Pinotage says they are a small text based file that can be opened in notepad.
They are created by scripting in a webpage (php,javascript, ASP etc.) and each time you visit the domain that created that particular cookie they can see their cookie that they created and use it for storing such data as usernames/passwords, number of times you visit the site, shopping trolleys on e-commerce sites.
Despite many 'puter users concerns, cookies are not visible to another domain so a cookie created by a site at fred.com can't be read by a site at john.com so your passwords/usernames etc are safe in that respect.
If your 'puter is not virus/trojan protected some virus' and trojans can read your cookies and send their content back to the virus/trojan maker.