Using a cookie, all the session data is stored with the client. If the cookies at client side get corrupt, purged or expired, the information received won't be complete.
Some user may disable the cookies or their browser might not support them. Some users might have a firewall filtering out the cookies. So, you may either not receive the information or trying to switch to an alternate means may cause complexity.
Cookie based solutions work only for HTTP clients.
A low-level API controls the cookies. It is quite difficult to implement them.