It depends on the app. One app might have a "shopping cart," stored in a cookie, while for another app that wouldn't apply.
No, though that's probably the most intuitive example. Anything where there's continuity over a sequence of interactions. If I go to a class list application and specify that I'm interested in my class list for fall 2024, and it shows me CS 304 and CS 204, and look at CS 304 and then I don't have to tell it again that I'm interested in fall 2024, that would be nice.
And you could do that with a cookie.
There are alternatives, such as URL rewriting, but cookies are the most common and convenient.
Fun trivia fact: in The Matrix, Neo had to accept a cookie from the Oracle before she would talk to him. Many people think this is a tech joke.
Great question. There are several options:
It digitally signs (but doesn't encrypt) the session data. So, if the user tampers with the data, that can be detected and the tainted cookie can be discarded.
Depends on the cookie. If it's a cookie that says who is logged in, you would want to delete that or set it to the empty string to indicate that the person is no longer logged in.
But, yeah, other data could be kept.
Well, they are limited in size, so you're not going to store a profile picture in the cookie, even if you converted the picture to text, say by UU encoding or Base64 encoding.
But reasonable amounts of text (or anything that can be converted to text) could be stored.
It depends on the application, but generally, application usage falls in one of two categories:
Cookies are limited in size. In many applications, such as Google Analytics, the cookie is just a unique identifier that is a key in some database. The database could store a lot of stuff.