Apart from session persistence the most important reason for using cookies or some other method beyond Apache's Basic Authentication is the need for a site
logout.
Normally browsers will keep issuing authorization headers to the server and maintain their authorized state because while the HTTP protocol defines authorization schemes unfortunately there is no common un-authorization scheme defined.
Here's where cookies and the likes can help. The server side can influence the validity and content of a cookie. Just set a cookie to a 'logout' status when the user requests to logout and the next roundtrip the browser issues an authorization header then decline the validity of that header.
There are many modules on CPAN that combine basic authentication with cookies (or even sessions) to get this result.