There are two types of cookies that can be enabled on your browser.
1) Cookies that are stored on your computer. These are the cookies that allow you to leave a site, but have it retain your login information. One such example is tek-tips.com, and how you can persist your information across sessions.
2) Cookies that are left on a per session basis. These cookies are synonymous with Session variables and what have you. A new session cookie is made for each new visit that you have to any webserver. These session cookies last until either the session timeout/abandon, or you close your browser.
You can disable the 1st cookie and enable the 2nd, which in turn allows you to use Sessions but not to store a cookie to remember someone's login information.
So what happens if you disable both types of cookies? Well, you won't be able to Response.Cookie anything. But more importantly, the behavior of Sessions turns a little screwy.
The webserver will send out new per-session cookies for each page that you visit, so any user with all cookies turned off will have a session id. The problem is that this session id will only last for that page view, and will not be persisted across multiple page views on your site (which is why it is so difficult to check for Session availablity on the server-side).
So to sum up - there are two types of cookies: 1) persists data until explicitly deleted (or expired) 2) persists data until session abandon/timeout, or browser closes.
In MSIE you can see what I'm talking about by playing with your security settings.