In general terms, cookies are now accepted everywhere, like visa. Almost every browser has the capability to handle cookies, and most of them have sophisticated ways of making sure that you don't accidentally give cookies to advertisers, even if the adverts appear on a site that is also handing out cookies.

Doing without cookies means embedding a unique number in every link, sort of like: http://mysite.com/cgi-bin/script.cgi?cookienum=32984563298745&action=showpage. Then every time someone clicks a link you extract the number on use it to load the session data. Quite painful, but certainly doable. It also gets worse if you generate a new unique number for each page (people can't press the back button any more).

____________________
Jeremy
I didn't believe in evil until I dated it.