In some sense it's a bug in client software, that allows information to be stored for eventual inclusion in future requests (i.e., like a regular browser cookie), but outside the ability of the user to monitor or delete (unlike a regular cookie). For some time people mostly blamed this on Flash, but there are probably other ways for old and/or strangely-configured clients to screw up like this.
In some sense it's a bug in client software, that allows information to be stored for eventual inclusion in future requests (i.e., like a regular browser cookie), but outside the ability of the user to monitor or delete (unlike a regular cookie). For some time people mostly blamed this on Flash, but there are probably other ways for old and/or strangely-configured clients to screw up like this.