You want to avoid cookies entirely so that you don't need a cookie policy and that you don't need a cookie banner.
It's also significantly easier to convince a lawyer that you don't need these things if you can prove that there are no cookies whatsoever. And even then they'll be suspicious.
It's harder than it looks, just embedding a YouTube video for example already sets third-party cookies. Same with embedding a Twitter feed or Google Analytics. There are solutions for all of these things, but the standard/easy way of doing these things means your user gets a third-party cookie, which means you need the banner.
Of course I know that, but did you ever talk to someone who is not in technology but does have a say in determining what "we" need to do to cover "our" asses?
Say, a lawyer with the responsibility that all of our websites implement all of the relevant regulations?
You would think that they are up to date on what regulations you need to follow, but you'd be surprised. Many take a blanket "no risks under any circumstances" approach. These types can only be placated with the "we don't have any cookies at all" argument. And even then only barely.
What are "functional cookies"? Are analytics/telemetries cookies functional? Are cookies identifying google users so they can receive targeted content but also ads "functional"?
GDPR never bothered to specify. This is why GDPR is broken and sadly it broke the web.
There are many opinions online, but there is no authoritative, definitive answer. GDPR was made vague by design "to prevent future exploits". Even lawyers are arguing the details, three years after its introduction.
This made GDPR in effect one of the most expensive regulations we had to implement as IT companies. It is also so incredibly punitive that everybody choose to implement it in the most conservative way possible, at the expense of the UX. Thus the cookie popups and banners.
Instead of ranting and providing nothing but conjecture about how "expensive" GDPR is (whatever that means), or insinuating that lawyers "arguing" about something proves that legislation is ineffective (that's literally their job), refer to first hand sources and ask constructive questions in good faith about what you don't understand. Here's one example: https://gdpr.eu/cookies/
Both first party session cookies and "shopping cart" cookies are mentioned as explicit examples of cookies that do not require prior consent and are unlikely to cause any concern.
It's the ePrivacy Directive that regulates them (or, more precisely, "information stored in the terminal equipment of a subscriber").
And the ePrivacy Directive does, in fact, define what's allowed without notifying the user:
"any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user."
It's also significantly easier to convince a lawyer that you don't need these things if you can prove that there are no cookies whatsoever. And even then they'll be suspicious.
It's harder than it looks, just embedding a YouTube video for example already sets third-party cookies. Same with embedding a Twitter feed or Google Analytics. There are solutions for all of these things, but the standard/easy way of doing these things means your user gets a third-party cookie, which means you need the banner.