This is a nice little resource. One positive about cookies that may be missing (but is admittedly a bit of an edge case) is that they're your only option for storing auth/bearer tokens across subdomains if that's a use case you need to support (e.g. a dashboard that stays auth'd across language specific subdomains - de.example.com, es.example.com, etc). As far as I know, being able to store the token against the apex .example.com is something you can really only do with cookies (when it comes to default web storage options).