These aren't cookies in the traditional sense, they encode tracking data and store it in a non-volatile storage accessible from the browser this can be anything from a simple cache to a WebSQL database.
Then they use Javascript to either read the tracking data directly and embed it into each request manually, or issue you a new cookie immediately if their tracking cookie is missing but the data is still accessible.
The main problem with these types of tracking is that for the most part browser manufacturers have no reason to restrict the use of such tracking techniques because it will affect their business models.
Other techniques abuse unforeseen uses of new standards such as HTML5 and WebSQL however as the W3C is your usual comity it takes years for any meaningful stance to be taken, and even then they still have quite a bit of conflicting interests.
The problem is that people want a free web, both as in free speech, and as in free beer and these world views tend to collide when pretty much everything out there is commercial.
With how little revenue actually comes from web ads these days due to the constant devaluation of "ad clicks" companies go out of there way to squeeze every penny from each visitor. What you end up is with tracking, tailored advertisement and your habits being sold for data mining.
What I mean is, when they regenerated the HTTP cookie from other sources, they generated the exact same cookie, so you could tell.
If they change it to say `encrypt(tracking number + nonce)`, then it will be effectively the same cookie, but you wont be able to tell from the client perspective.
Many times don't regenerate the exact same cookie. Many of them generate a different cookie to avoid detection many of them will have random names and other "random" identifiers, some of them will even attempt to hide them selves as GA cookies(UTM UTA etc), however they will always embed the same identifiable information they've retrieved from other stores in your browser.
Then they use Javascript to either read the tracking data directly and embed it into each request manually, or issue you a new cookie immediately if their tracking cookie is missing but the data is still accessible.
The main problem with these types of tracking is that for the most part browser manufacturers have no reason to restrict the use of such tracking techniques because it will affect their business models.
Other techniques abuse unforeseen uses of new standards such as HTML5 and WebSQL however as the W3C is your usual comity it takes years for any meaningful stance to be taken, and even then they still have quite a bit of conflicting interests.
The problem is that people want a free web, both as in free speech, and as in free beer and these world views tend to collide when pretty much everything out there is commercial. With how little revenue actually comes from web ads these days due to the constant devaluation of "ad clicks" companies go out of there way to squeeze every penny from each visitor. What you end up is with tracking, tailored advertisement and your habits being sold for data mining.
But hey the cat videos are still free!