fbpx
What are session cookies

What are session cookies? Do they need consent?

Published on October 27, 2021

Cookies are small text files that a website stores on your device (smartphones, computers etc.) when you browse the internet. They are created when your browser loads a particular website, and the site sends information to your browser which then creates a text file. Cookies can store a range of information, including personal data (such as name, home address, email address) and information about your preferred language or location etc. that allows the site to present you with information customized to fit your needs.

What are session cookies?

Session cookies are cookies that last for a session. A session starts when you launch a website or web app and ends when you leave the website or close your browser window. Session cookies contain information that is stored in a temporary memory location which is deleted after the session ends. Unlike other cookies, session cookies are never stored on your device. Therefore, they are also known as transient cookies, non-persistent cookies, or temporary cookies.

How do session cookies work?

The session cookie is a server-specific cookie that cannot be passed to any machine other than the one that generated the cookie. The server creates a “session ID” which is a randomly generated number that temporarily stores the session cookie. This cookie stores information such as the user’s input and tracks the movements of the user within the website. There is no other information stored in the session cookie. 

session cookies working
Session cookies are set on a device’s temporary memory when a browser session starts.

What is the purpose of session cookies?

A website itself cannot track a user’s movement on its webpage and treats each new page request as a new request from a new user. Session cookies allow websites to recognize users within a website when they move between web pages. These cookies tell the server what pages to show the user so the user doesn’t have to remember where they left off or start navigating the site all over again. Therefore, without session cookies, websites have no memory. Session cookies are vital for an improved user experience on online shops and websites when the functionalities depend on users’ activities.

What are session cookies examples?

The most common example of a session cookie in action is the shopping cart on eCommerce websites. When you visit an online shop and add items to your shopping cart, the session cookie remembers your selection so your shopping cart will have the items you selected when you are ready to checkout. Without session cookies, the checkout page will not remember your selection and your shopping cart will be empty.

Session cookies also help users to browse and add items to the shopping cart without logging in on an eCommerce site. Only when users checkout, they have to add their name, address, and payment information. 

Are session cookies GDPR compliant?

Session cookies fall under the categorization of ‘strictly necessary cookies’ under the General Data Protection Regulation (GDPR), applicable in the European Union and the UK. Strictly necessary cookies like session cookies are exempt from the consent requirements underlined in the GDPR. Therefore, session cookies are GDPR compliant. 

Strictly necessary cookies are essential to navigate a website and use its features and functionalities. Without them, you wouldn’t be able to use basic services like logging in on a website or adding items to a shopping cart etc. GDPR exempts these cookies from consent requirements as they do not gather any personal information about users. 

Do you need consent for session cookies?

As session cookies are set by the first-party (the website you visit) and are necessary to keep track of your navigation through the website and remember user inputs, they do not require consent under GDPR. Websites can set session cookies on a user’s device without consent but should provide information on what these cookies do and why they are necessary. This is usually done via cookie consent banners.

This cookie consent banner from CookieYes shows that necessary cookies are set by default.

Create a custom cookie banner for your website

Sign up on CookieYes and create a cookie banner with tailor-made features, advanced CSS customizations and branding. You can geo-target and auto-translate your cookie banner to 30+ languages worldwide. Record all user consents, create a cookie policy and manage all cookie compliance needs in a single dashboard.

Try it for free

How to check if my website uses session cookies?

Most websites use cookies. The easiest way to find out if your site uses cookies is to conduct a cookie scan. You can use the free cookie scanner from CookieYes. The scanner will crawl through your websites, activate hidden cookies and trackers, identify and categorize them and generate a cookie audit report.

Now that you’ve scanned your website and have detailed information about cookies on your website, it’s time to take a step towards privacy law compliance. CookieYes is a cookie consent solution that helps over 1 million websites worldwide to get GDPR, LGPD, CNIL and CCPA compliant.

In the EU and UK, all cookies other than strictly necessary cookies require explicit consent from users. CookieYes will help you collect valid consent on your website as per GDPR cookie consent. It will take 3 simple steps!

The features you get on CookieYes:

  • Cookie banner with full customization 
  • Auto-translation of cookie banner in 30+ languages
  • Cookie scanner to keep your cookie list up-to-date
  • Granular control feature to selectively enable or disable cookies 
  • Automatic Third-party cookie blocking prior to getting consent
  • In-built privacy and cookie policy generator
  • Record and log of user consent and their cookie preferences
  • Geo-targeting banner for GDPR and CCPA compliance

FAQ on session cookies

Why do cookies require consent?

Online identifiers like cookies, IP addresses, advertising IDs, pixel tags, account handles, device fingerprints, radio frequency identification (RFID) tags, can be used in combination and used to create profiles of individuals and identify them. Hence, cookies can be considered personal data and are subject to privacy laws like the GDPR, LGPD (Brazil), CCPA etc. 

What are performance cookies?

Performance cookies allow websites to provide an enhanced user experience by remembering the users. These cookies evaluate the performance of a website by collecting information on how visitors use the website.

What are functional cookies?

Functional cookies are cookies that ensure a website functions properly. Cookies that allow user registration or remember username and password for automatic login and a user’s site preferences (such as the language preference) are examples of functional cookies.

What are analytics cookies?

Analytics cookies are used to count the number of visitors on a website and track how users navigate and interact with a website i.e. they study a user’s activity on your site. Analytics cookies like Goggle Analytics, Hotjar,  help the website owners improve the website.

What are advertisement cookies?

Advertisement or tracking cookies are used by websites to track the activities and behaviours of users online so as to provide them with personalized advertisements. These types of cookies are often persistent in nature and are usually installed on a user’s browser by third parties.

What are persistent cookies?

Persistent cookies are cookies that are stored on a user’s device for a considerably longer time. Therefore, they are also known as permanent cookies. Persistent cookies recognize users and remember their browser settings or preferences on their subsequent visits and help websites to provide better user experiences. 

What are first-party cookies?

First-party cookies are placed on a user’s browser by a website or a domain the user visits directly. These kinds of cookies are being set for purposes like collecting analytics data, remembering browsing options such as language or location settings, and carrying out other activities that improve the browsing experience of users.

What are third-party cookies? 

Third-party cookies are issued by any party apart from the website or a domain that a user visits directly. A third party can be referred to as an advertiser who provides targeted ads; or services that help website operators add third-party elements (e.g. live chat, social-media buttons, Google Maps element, etc.) on their site.

How do I stop blocking session cookies?

If you have cookie blockers or enabled cookie blocking on via browser settings, sometimes you may not be able to use certain websites or its functionalities. In that case, you can modify cookie settings on browsers using our guide: How to check cookies on your website manually

What is the difference between session cookies and persistent cookies?

Session cookies do not retain any information on your device or send information from your device. These cookies are deleted when the session expires or is terminated when the browser window is closed.

Persistent cookies remain on the device until you erase them or they expire. They are ideal for storing information, for instance, persistent cookies help you stay logged in on a website even if you close your browser window.

Should I always allow session cookies?

Session cookies are essential for a website’s functionalities or for it to deliver a service that it intends to. They are also exempt from consent requirements under privacy regulations like the GDPR. Privacy-conscious users can therefore allow session cookies as they do not store any information/personal data and help the website to operate without any troubles.

Where are session cookies stored?

Session cookies are stored in the computer’s memory temporarily and are never stored in the disk.

Where are non-session cookies stored?

Persistent Cookies are stored on a user’s device i.e. on placed on the device’s hard disk.

Do session cookies expire?

Session cookies usually expire at the end of an internet browser session i.e. when the user closes a browser or tab. By default, there is no timeout or expiration timestamp for the session cookies 

What information does a session cookie contain?

No personally identifiable data is collected by session cookies. They contain only a random number identifier that is used to index the server’s session cache. 

Start a 14-day free trial

Trials start with all our features enabled. Cancel anytime. No credit card required.