This post is demonstrated using php. I presume in other language it's the same.

The cookies are small files saved in client computers when visiting web server. information like username and password can be saved in cookie, so the next time you visit the website, you don't have to reenter, it automatically log you in.

Of course people can make programs that stole your information from cookie. (but cookies are usually encrypted and secured,unless you didn't save it correctly).

Today I found a very interesting bug, well, an observation.
in php, the syntax is

setcookie(key,value,expiration time,path,domain,...);

One thing to note for the path is: if the path contain special characters. such as '~', then it behaves differently in different browsers.

suppose you have to save a cookie

setcookie("name","foo",0,"/~bar/","www.domain.com")

Then when you visit http://www.domain.com/~bar/ you should be able to retrieve the cookie. This is generally true.

BUT, for security reasons, many people like to url encode the path to prevent the site from XXS attacks in other places and forgot to decode it. (It encodes special characters to other formats.) if you do url encoding on '~', it's %7E.

Then when you set the cookie, you actually doing

setcookie("name","foo",0,"/%7Ebar/","www.domain.com");

This cookie can be loaded in FireFox, but NOT GOOGLE CHROME!!!!. CHROME will not load this cookie, and it will appear that you are not logged in.

I am not sure if this is a bug in browser, or they did this for a reason. So be sure that you url decoded the PATH variable when you set cookies.