What are Session Cookies and do They Need a Cookie Consent?
ON THIS PAGE
Cookies are small text files that are kept on users' devices, such as smartphones or computers, that allow proceeding through many pages of a website quickly and conveniently without having to authenticate each single web page. When your browser access a particular website, the website transmits information to your browser in the form of cookies. Cookies maintain track of all of the activities you perform on the website. They can store websites' login details, personal data, such as name, home or email address, and your preferences on a website, such as your preferred language, geo-location, etc. that increases your browsing experience and allows presenting you with personalized information. Website cookies are permanent, they are stored on the user's device for months or longer. There are performance, performance, tracking, targeting, and strictly necessary cookies, which are permanent.
What are Session Cookies?
Session cookies are cookies that last just for a single session that starts when you open a website or app and ends when you close them. Session cookies are also called transient cookies, non-persistent cookies, or temporary cookies. They are only stored temporarily and are deleted after you leave the web page. Many websites use session cookies for essential website functions.
Web pages have no memories- the HTTP protocol does not track the user's behavior, and the web server does not recognize the user as they are navigating different web pages or apps. Without a cookie every time you open a new web page the server would treat you like a new visitor.
Session cookies are used to recognize the user when he moves from page to page within a website and to remember any information the user has entered. These cookies inform the server what pages the user has visited and the actions performed, so the user doesn’t have to remember his actions himself and doesn't need to start navigating the site all over again. Session cookies are needed for e-commerce sites to remember items placed in a shopping basket, and for websites whose functionalities depend on users’ activities. These cookies store the user’s input and track the user's movements within the website.
How do Session Cookies Work?
Session cookies are server-side cookies that store user information. They can be passed just to the device that generated the cookie. The server creates a Session ID which is a randomly generated number that temporarily stores the session cookie. Every single session is unique to the individual user. There is no limit to the number of sessions that the user can have. A user can be recognized with the help of a session cookie, which can have the form of a cookie, a form field, or a URL.
When the user closes the browser or logs out of the program, the session ends and the session cookies are deleted. So they are temporary cookies used just for a single session.
To summarize, the browser sends a request to the website server to access the website. The server generates session cookies and sends them to the browser, together with the required website information. The browser loads the web pages and stores the received cookies in the temporary memory.
You can adjust your session cookies through the settings feature of your internet browser.
Differences between Browser Cookies and Session Cookies
Working principle
Session cookies are server-side cookies. The website cookies keep the data solely on the client's side, whereas the session cookies keep the data on both the client's and server's sides.
Duration
Website cookies expire after the time, specified by the user. They can last for months. Session cookies last for a single session, which ends when the user closes the browser or logs out of the program.
Data storage
Browser cookies can only store a limited amount of data. A maximum capacity of a browser cookie is 4 KB of data. Session cookies are able to store an unlimited amount of information since they store the data on the server. There is a maximum memory restriction of 128 megabytes that a script may use at one time, however, an unlimited amount of data could be stored within a session.
Data format
Browser cookies store information in a text file. Session cookies store information over the server more securely, in an encrypted format, so the information cannot be altered. In addition to this, session cookies can transfer the information from one web page to another in the form of value. Session cookies can be used as an alternative for browser cookies in web browsers that block browser cookies.
Function
Session cookies are used to recognize the user when he moves from page to page within a website during a single session. Website cookies are used for a variety of reasons: strictly necessary cookies are vital for websites to perform their actions, performance cookies examine how users navigate the website, advertising cookies are used to show personalized ads, etc.
Session Cookies Examples
The most common example of a session cookie could be found on e-shopping sites. Session cookies are needed for the shopping cart to function properly. When you visit an online shop and add items to your shopping cart, the session cookie remembers your selection when you navigate through the website until you are ready to checkout. Without session cookies, the e-shopping website would not remember your selection and you could not buy your items.
Session cookies allow users to add items to their shopping cart without initially logging in on an e-shopping site. The users can enter their data, such as name, address, and payment information, during checkout.
Are Session Cookies GDPR Compliant?
Under the General Data Protection Regulation (GDPR), session cookies are considered strictly necessary cookies, and thus do not require prior Cookie Consent. Strictly necessary cookies usually are first-party cookies. They are essential for websites to run normally and let users go back and forth between websites without losing their previous actions.
GDPR does not require getting a cookie notice for strictly necessary cookies. Thus, even without Cookie Consent from a user, session cookies are GDPR compliant.
Is It Required to Get Consent for Session Cookies?
Session cookies are considered strictly necessary cookies, so they do not require prior Cookie Consent. Websites can set session cookies on users' devices without getting any consent. However, websites should inform about the usage of cookies and the purpose of using them. This could be done via a Cookie Consent banner.
Get a Cookie Consent banner from CookieScript, which is GDPR and other major privacy laws compliant and could be customized to fit the design of your website. It also helps to create a Privacy Policy and a Cookie Policy for your website and automatically scans your website for cookies and other tracking technologies.
Frequently Asked Questions
What are session cookies?
Session cookies are cookies that last just for a single session that starts when you open a website or app and ends when you close them. Session cookies are also called transient cookies, non-persistent cookies, or temporary cookies. They are only stored temporarily and are deleted after you leave the web page.
Are session cookies GDPR compliant?
Yes, session cookies are GDPR compliant. Session cookies are considered strictly necessary cookies. Under the GDPR, it is not required to get a cookie notice for strictly necessary cookies. Thus, even without cookie consent from a user, session cookies are GDPR compliant.
Is it required to get consent for session cookies?
Session cookies are considered strictly necessary cookies. Under the GDPR, it is not required to get a cookie notice for strictly necessary cookies. Thus, you do not need cookie consent for session cookies.