In my experience, the browser doesn't reliably send the username and password with each request so you get a bunch of re-queries. Cookies don't have that problem, they're always sent.
At least, that's what I saw on the intranet site I built, switched to authenticating with a login page and cookies instead because of it.