The GDPR talks about online identifiers, of which cookies, IP address and fingerprints are examples. If you read any regulator's guidance carefully, you'll see they talk about "cookies and similar technologies", with just "cookies" being used alone for brevity.
To rephrase tracking of any kind is the issue, not cookies. Don't mistake the implementation for the activity.
Disclosure: Founder of a non-tracking web analytics service because of this exact issue.