Servlet cookies are given to clients that will access the servlet for the first time, so in case when the client will access again, authentication will be quick. Take note that cookies will also expire.
Servlet handles all request as a multi-thread. This means that all requests from client to a particular servlet will be handled concurrently by a single single servlet, running on different threads. For more on servlet multi-thread see my other post below: