
Session cookies are temporary files that websites store on users' devices while they are browsing. These cookies are the backbone of the modern web, and are essential to maintain functionality such as the login status or items in the shopping cart, ensuring a continuous and uninterrupted browsing experience.
Not all cookies are the same: session cookies play a specific and important role, both for users and for companies, allowing websites to remember information about visitors while they are browsing without storing persistent data.
What are session cookies?
A session cookie is a small data file that is temporarily stored in the visitor's browser.
These cookies are designed to activate functions in real time, facilitating the continuity of the user session, for example keeping the user connected or memorising the items in the shopping cart, while exploring different pages.
A distinctive feature of session cookies is their temporary nature: they exist only during the browsing session and are automatically removed when the browser is closed.
How do they work in practice?
The process of creating and using a session cookie involves the following steps:
- Session Initialisation: When a user visits a website, the server creates a new and unique session identifier (Session ID) and sends it to the browser through a session cookie.
- Storing the Cookie: The browser stores the session cookie and sends it back to the server in all subsequent requests until the session is terminated.
- Session Handling: The server uses the Session ID to link the user's requests to a temporary session record. This record may include information such as the authentication status, user preferences and other session data.
- Session Termination: When you finish browsing and close your browser, the session cookie is deleted. If you visit the site again, a new session ID is created and assigned.
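The four steps above, expressed as server-side Python using only the standard library (an added example, not code from the original page). The cookie name `session_id`, the in-memory `SESSIONS` store and the function names are assumptions for illustration; the `HttpOnly`, `Secure` and `SameSite` attributes are hardening added here rather than something the page prescribes.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side store (assumed in-memory): Session ID -> temporary session record
SESSIONS = {}

def start_session():
    """Session initialisation: new unguessable Session ID plus Set-Cookie value."""
    sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    SESSIONS[sid] = {"authenticated": False, "cart": []}
    cookie = SimpleCookie()
    cookie["session_id"] = sid
    morsel = cookie["session_id"]
    # Neither Expires nor Max-Age is set, so the browser keeps the cookie
    # only until the browsing session ends (a session cookie).
    morsel["path"] = "/"
    morsel["httponly"] = True    # not readable from page scripts
    morsel["secure"] = True      # only sent over HTTPS
    morsel["samesite"] = "Lax"   # withheld on most cross-site requests
    return sid, morsel.OutputString()

def is_session_cookie(set_cookie_value):
    """True when a Set-Cookie value has no Expires/Max-Age (not persistent)."""
    attrs = [p.strip().split("=", 1)[0].lower()
             for p in set_cookie_value.split(";")[1:]]
    return "expires" not in attrs and "max-age" not in attrs

def lookup_session(cookie_header):
    """Session handling: map the request's Cookie header to its record."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get("session_id")
    if morsel is None:
        return None
    # Unknown or forged IDs are never trusted: they simply match no record.
    return SESSIONS.get(morsel.value)

def end_session(sid):
    """Session termination on the server: drop the record so the ID is dead."""
    SESSIONS.pop(sid, None)

if __name__ == "__main__":
    sid, set_cookie = start_session()
    print("Set-Cookie:", set_cookie)
    print("session cookie?", is_session_cookie(set_cookie))
    print("record:", lookup_session(f"session_id={sid}"))
    end_session(sid)
    print("after termination:", lookup_session(f"session_id={sid}"))
```

Closing the browser only removes the cookie on the client, so the server should also discard the record (on logout or after an inactivity timeout) as `end_session` does.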
What are persistent cookies?
Persistent cookies, also known as permanent cookies, remain on the user's device even after the browser has been closed.
These cookies have a specified expiry date and can last for weeks, months or even years.
They are used to store information that is needed again on subsequent visits, such as:
- Stored login credentials.
- Behaviour tracking for conversion and marketing analysis.
- Personalisation of the user experience by storing preferences such as language or graphic theme.
Key differences between session and persistent cookies
Some examples of how session cookies are used
- E-commerce: They keep track of the items in your shopping cart while you browse, ensuring a smooth checkout.
- Online banking: They keep you logged in while you check your balance or transfer money, and log you out automatically after a period of inactivity for protection.
- Customer support: They keep live chat conversations active while you move between pages of the site.
- Content management systems: Platforms such as WordPress use these cookies to keep administrators secure.
GDPR and session cookies
The General Data Protection Regulation (GDPR) governs the use of cookies in the EU, giving users more control over their data.
Session cookies are generally considered ‘strictly necessary’ for the main operations of the site and do not usually require explicit consent.
Managing consent with My Agile Privacy
To simplify compliance processes and achieve smooth management, you can rely on innovative tools such as My Agile Privacy: a complete, easy-to-use GDPR solution that ensures constant and automated compliance.