Cookie is a small text file that is stored by a browser on the user’s machine. Cookies are plain text;A Server instructs a browser to store this information and then send it back with each subsequent request based on a set of rules. Web servers can then use this information to identify individual users. Most sites requiring a login will typically set a cookie once your credentials have been verified, and you are then free to navigate to all parts of the site so long as that cookie is present and validated. Once again, the cookie just contains data and isn’t harmful in and of itself.

The server sends a Set-Cookie: name=value in its response header to set the field. If there is a cookie set then the browser sends a Cookie: name=value

Webkit uses soup library for handling network request along with cookie handling. As from above notes it is clear that server sends cookie information in its response header and soup library is responsible of handling all types of http request and response in webkit.

References:
http://www.nczonline.net/blog/2009/05/05/http-cookies-explained/