A website can access another site’s cookies if the first party domain explicitly allows them, which would need to happen in this case. Sure, admins would have to allow which sites can access the cookie. But at least that burden is placed on admins vs the users.

Browser extensions arent secure and many mobile browsers dont support them, so that wouldnt be a proper solution. A lot of users use Lemmy on their mobile phones.