Cookies are a very weak form of Authentication. At best they are sufficient to remember a user's personal preferences in an application. They should never be used to transact business nor or access confidential information.
While strongly discouraged in real use, they are in suffiently wide use to be at least a documented alternative, some sample code, and maybe a simple test case.