cookies provide a means of remembering user session, preferences, etc. and don't provide a means of authentication in and of themselves afaik. So cookies are used usually together with HTTP BASIC authentication mechanism, for the authentication itself. That's where you would normally have a .htpasswd access file on a unix/linux web server to setup users and passwords for access, and the web browser shows a simple (unencrypted) login dialog.