I'm going to get technical here, hopefully I won't lose you
A URL can have variables passed in the URL, as in www.3rdKey.com?session=1gH5-89RT-xX5b And the server can use the value for session to look up the session in the database, discover that it is a valid session, and that so-and-so is logged in, and then give this browser access to anything and everything that so-and-so would have access to.
The thing is, while I'm sitting in an internet cafe, or the library, using 3rdKey.com (or some other secure site), anyone can look over my shoulder and see the URL, and copy it, and put it in on their own device. And voila, they've got access to my account.
Inside a cookie, not only is it not visible, it's actually tied to a specific browser on a specific device, so it's more secure.
This is only one reason we need cookies
Less critically, a cookie can hold data for a long time, like the users ID. So if you're on the same device, using the same browser, you can tell the server to "remember me" and you won't have to put in your user name every time to visit the site, just the credentials.
Are Cookies Dangerous?