Cookies vs Basic Auth

Question

Why almost all websites out there are using cookies instead of basic auth? It can\'t be only that the user/pass window is ugly and none of them is more secure. They are both

Answer 1

You have more control over cookies. You can encrypt them so that they are secure even without HTTPS. Basic auth is always unsecure over HTTP. Also cookies don't contain the password on each request. And, yes, what can I say, users like AJAX login forms and nice animated effects when logging in which unfortunately cannot be achieved with basic auth.