A few reasons, but one of the primary ones is there needed to be a way to securely store the session or identity of the user on the client side. There are a few ways of doing this on the client; storing it in memory, using browser web storage, etc. But the most secure way (for users using a browser) is storing the data securely in a HTTP only cookie, and it's this aspect of the responsibilities that this library looks to handle.