Cookies are not needed. They are shifting the security onto the user. Secure the information on the server just like any other business. Offloading onto the client is wrong. It leads to ambiguity and abuses. Visiting a store and a business on the internet are no different. My presence gives no right to my person, searches, or tracking in the location or outside of it. Intentions are worthless. The only thing that matters is what is possible and practiced. Every loophole is exploited and should be mitigated. The data storage and coding practices must change.