Agree.

Many times what the server returns is dictated by what kind of client software a user is using. Cookies are obviously used by browser based clients, with full browser capabilities. MCP doesn't have those capabilities. How will the server know what to return?

I have separated handling for token based calls vs cookie based in my non-mcp projects.. because it suffers from the same issue.

Most of the endpoints, assuming the client talks to server using api's, work fine with cookies, some, do not.