From the “hills I’m willing to die on” department: Cookies are 100% evil, they should never have been added to the web platform, and the world would be a better place if the HTTP auth mechanism had been continuously extended and improved instead

Are you aware of some RFC or articles where soeone tackled this in a broader scope? The replies to this tweet are just a random collection of problems but I'd like to get an idea of how an alternative might look like.