HTTP is a stateless protocol. When processing a request, the protocol (by itself) does not depend on results from any previous request.
However, many important web functions require maintaining a state. For example, some requests should only be processed if the user has logged in. Here the web application must maintain a state that keeps track of usr login. In general, web applications need to maintain information on the current session (the series of requests performed by a specific user). For rails, this information can be stored and retrieved from a session hash, which works much like a ruby hash table.
A cookie is a (very long) string that is stored on a web browser. The web application can encode information into the string and store it on the web browser. It can then later retrieve that information by accessing the cookie on the browser.
A rails application automatically uses a cookie to maintain session information. When interacting with a rails application, it's possible to see the cookie on the browser (for Firefox, look under Tools --> Options --> Privacy --> Show Cookies... --> search on localhost). Unless specified otherwise, the cookie expires when the session is over (i.e. when the browser is closed).
A Rails web developer doesn't need to work with cookies to maintain session information. Instead, information can be stored and retrieved using the session hash:
# store the user name in the session table session[:user] = "Sam" # get the user name stored in the session table retrieved_name = session[:user] # reset the session reset_session
By default, Rails uses cookies to store the session hash table.