But isn't all data just a program waiting for the right interpreter ?
On my computer there are files that contain text - this is just data. The same file content is the same data whether the name is xyzzy.txt or xyzzy.c or xyzzy.py or xyzzy.java - just data.
Passing the content of all of these files (all the same) to a word processor or c compiler or python interpreter or java compiler produces different results - some consider the content to be data to be displayed, some data to be compiled, some data to be executed.
So a cookie is data just like a .txt/.c/.py/.java file - but for some they consider the extension of the file to make the data different. So, define a cookie with the name '"Z80" that should have a hex string value (valid Z80 op-codes only) any website or browser that can read the value of the cookie can 'execute' the Z80 instruction on an emulator.
Is the cookie data or a program ? The name of the cookie is identifying the content/value of the cookie as a program, much like the .txt/.c/.py/.java extension of the file, and could possibly be considerd to be an instruction to execute the content as Z80 machine code.
How about cookie name "bash" and the value "rm -rf *" ?
So the presense of a cookie with a particular name CAN cause different behaviour at the server or client that recognises the cookie name, and the value of the cookie can do the same. No cookie of "alreadysignedin" instructs the server to act as if the user is not signed in and a login page should be shown, and presence with a value of "<valid session-id>" instructs the server to do all sorts of things, valid session verification, specific user information such a nickname and discount vouchers are displayed in the page.