security cookies stateful

Why are cookies needed to retain stateful information?


I was reading the wiki for cookies and it said they are needed to retain stateful information such as items in a cart, etc. But why do you need to do it? Why not just store the state in a database table, for example?


Solution

  • You can store the state in the db but you need to know who is the owner of that state, so you need to identify the client in between the requests.

    Think of the cookies like a caller id for the browser. That is their main use. When you hit my web server the first time with your browser, I say, 'hey, let me set this caller id somewhere on your browser' so next time when you call, I'll just read it and then I know it's you again. Once I know it's you, then I can look in my db for more info, such as your cart items.

    Also, the caller id I set can't be read or modified by other websites; if they want to identify you, they need to set their own.
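
The caller-id flow described in the answer, as an added example that is not part of the original post: the server issues a random session ID in a cookie and keeps the cart itself on the server, keyed by that ID. The cookie name `sid`, the in-memory `CARTS` dict standing in for the database table, and the function names are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Stand-in for the database table: session ID -> cart items (assumed schema).
CARTS = {}
COOKIE_NAME = "sid"  # hypothetical cookie name


def parse_session_id(cookie_header):
    """Return the session ID from a Cookie request header, or None."""
    if not cookie_header:
        return None
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get(COOKIE_NAME)
    return morsel.value if morsel else None


def handle_request(cookie_header, add_item=None):
    """Process one request; return (Set-Cookie value or None, cart)."""
    sid = parse_session_id(cookie_header)
    set_cookie = None
    if sid not in CARTS:
        # First visit, or an ID the server never issued: mint a new
        # unguessable ID rather than trusting the client-supplied value.
        sid = secrets.token_urlsafe(32)
        CARTS[sid] = []
        out = SimpleCookie()
        out[COOKIE_NAME] = sid
        out[COOKIE_NAME]["httponly"] = True   # not readable from page scripts
        out[COOKIE_NAME]["secure"] = True     # sent over HTTPS only
        out[COOKIE_NAME]["samesite"] = "Lax"  # withheld on most cross-site requests
        out[COOKIE_NAME]["path"] = "/"
        set_cookie = out[COOKIE_NAME].OutputString()
    if add_item is not None:
        CARTS[sid].append(add_item)
    return set_cookie, list(CARTS[sid])


if __name__ == "__main__":
    header, cart = handle_request(None, add_item="book")  # first visit
    print("Set-Cookie:", header)
    cookie = header.split(";")[0]  # browser sends back only "sid=<value>"
    print(handle_request(cookie, add_item="pen"))  # same cart, no new cookie
    print(handle_request("sid=guessed-value"))  # unknown ID gets a fresh cart
```

The cookie carries only the identifier; the cart never leaves the server, so a client that edits its cookie can at most lose its own session.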