Cookies are harmless bits of text stored by your browser in your browser’s temp/cache directory. Our server asks your browser to remember some bit of text (a cookie), and your browser then sends that bit of text (cookie) to us when you visit our site. The cookies are generally used to provide personalization of web pages. A cookie can be used to store such things as the last 5 searches you did (so you can redo them), your encrypted user id (so we know you are logged in, and who you are).
While cookies are themselves harmless, in the past they have been abused by some large internet advertising companies, who (because of having their advertising banners on large numbers of sites) have been able to connect your visit to one site with your visit to another site (where they have advertising) and in this way develop a "profile" of you. This privacy issue is quite reasonably a concern. Fortunately, the web browsers released for the last several years provide protection for this type of third-party cookie abuse, as well as giving you control over which sites you allow to use cookies. We therefore feel that it is now appropriate to require the use of cookies to access some areas of our site.
Cookies are a practical necessity for web page personalization (which includes login/authorization management). Web browsers do not by design send web servers anything uniquely identifiable that allows us to accurately/effortlessly remember from one request to another who a user is. One mechanism for doing this before and since cookies has been to create a server-side "session id", which is then passed around through every single link and every single form post. This accomplishes the same end as cookies, but it is a chain very easily broken, since every single link/form needs to be dynamically generated to include this session id. This is an approach which requires more programming resources to implement and maintain, and which is less reliable than cookies. We cannot rewrite every application (including third-party applications) that we use on our site to keep this chain in tact. And any attempt to guess the session based on the browser headers is only so effective, and can be easily (and frequently) broken (because of request aggregation through big proxies like AOL, Earthlink, MSN, etc. and because of the privacy software often used by those who block cookies).
We have looked into this matter long and hard and have resisted requiring cookies until now. We now feel, though, that the use of cookies no longer represents the same risk to privacy it once did, because of the large number of users who have current browsers which reduce the threat, because of the existant ability to allow/disallow cookies by site, and because of the wide usage of privacy software programs.
We track the number of users who have cookie settings which need to be modified to access our site, it is roughly 0.1% of our users.