Cookies are bad with strong auth in web apps

Here is a great write up by VeriSign on why using cookies for mutli-factor authentication is a bad idea. I think they obviously have a solution up their sleeves which will make them money, but besides this I think the point is still valid. It's well worth the read.