Cookies are more universal now, should be OK over both HTTP and HTTPS. If you are getting logged out, do this:
1.) Go to https://vogonhq.com/ucp.php?mode=delete_cookies & click on [Yes]
2.) delete cookies for vogonhq.com in your browser:
Chrome: chrome://settings/content/cookies?search=cookies
Firefox: about:preferences#privacy -> Remove individual cookies
Internet Exploder: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
In most cases, removing them from your browser is enough. Problems occur for non-secure users when site is supporting both HTTPS and HTTP connections and cookies are set to 'secure' (HTTPS only).
Cookies are used by phpBB only, to keep you logged in. Without cookies you get those &sid={long_string} URLs when browsing around, and if you remove 'sid' it cannot keep you logged in. In any case, it is more universal now.
Edit: best way to do it in 2017 is to force everything over SSL, it also affects search engine ranking (SSL sites are ranked higher), and any cookie needed can be sent securely. Will probably switch to HTTPS-only soon.