No cookies? How are you supposed to implement token-based authentication? It would be fine, if you could trust that browsers implement web- and session- storage correctly, but, for the time being, cookies are vital. Or do we now have another browser that, by playing by its own rules, means that every well designed site has to have browser-based exceptions.
“How are you supposed to implement token-based authentication?”
Simple, you don’t. Either that or the ‘cookies’ become user-access objects not available to system processes or programs. The user would need to initiate use of cached information rather than the system and cookies.
Brave likely relies on a one-time session ticket requiring the website to do the identity caching -which most do anyways. No persistent caching. More work for the user and the website but more privacy and security too.