The principal architecture of HTTP, the transfer protocol for the Web, is by definition sessionless. That means that once a browser has completed loading a page from a server, the communication between the server and the browser is broken. So any illusion of a connection between the browser's user and the server is produced by the server creating a record of the session that inevitably terminates, and referring to that record later. The only decision a Web publisher has to make is where to store those records -- on a local database, or using remote cookies stored on the client.

For most publishers, that decision takes less than two seconds to make -- cookies are practically ubiquitous among Web sites. But for the United States Government, storing any record about a person using a government service is a privacy concern; and the decision of storing and retrieving government-generated data on a citizen's private computer raises the irresistible specter of conspiracy.

Since June 2000, US government policy has been not to store cookies on private citizens' computers, for reasons which at the time were explained as obvious. "Because of the unique laws and traditions about government access to citizens' personal information, the presumption should be that 'cookies' will not be used at Federal Web sites," wrote then-director of the Office of Management and Budget, Jacob Lew, in a policy memo. "Under this new Federal policy, 'cookies' should not be used at Federal Web sites, or by contractors when operating Web sites on behalf of agencies," unless clear and compelling reasons for doing so are presented in writing, Lew continued.
The problem with that policy is that it has a dramatic effect on the Web architecture choices that the government can make.
...