Cookies in a Gaming Portal

Authentication and authorization are two concepts that form the basis of security in a web portal. However, a web portal is secure even when only one of them is implemented. Comment on this statement, supported by appropriate reasons and examples. A gaming portal, which allows users to play games online, gathers information about the system of the users, when they first visit the portal and register to load a particular version of a game. The portal stores the information in cookies. If the users have disabled cookies on their machines, the portal script can handle this in two ways: Show an alert to the users that the portal will not work properly if the users do not enable cookies. Use cookie-less sessions, by using the URL method for passing the Session ID instead of cookies.

Which of the two ways do you think is easier and better in terms of performance? Why?.