As to why it needs cookies: it's just the most reliable way to tell the
server that you're logged in, and who you're logged in as. Your IP address
alone isn't enough to do this, because multiple people could be using the
same IP address and it could change. You probably wouldn't like someone else
to be logged in as you when they are given your old IP address!
The only other way for the server to remember that you're logged in, that I
can think of, is to insert some sort of ID tag in the URL. Amazon did this in
the past for its shopping cart; I don't know if it does anymore. The problem
with this approach, though, is that it relies on you getting around by
clicking the links on the page; for example, if I open a bookmark to a forum
post, and this method was used, I'd find myself logged out.
There are many other cases where cookies are typically required, and when
something fails because of cookies not being accepted, it can be hard to tell
that it's a problem with cookies. This is why I accept all first-party
cookies, but delete them when I close the browser.
