[Aunche]

> GDPR does explicitly legislate against all that - dialogues should be "opt-in"

That's can't be a real part of GDPR, can it? I don't see how you can fine someone for shitty website design.

[the_gipsy]

They should, in theory, fine websites that do install cookies before you give consent, or refuse to give sevice that doesn’t strictly require cookies (e.g. an article).

[Aunche]

If the cookie only stores the preference to not show the dialog box. That should be GDPR compliant.

[RandomInteger4]

You should be using localstorage from the web storage API and not cookies. Cookies are sent to the server with every request. Local Storage is not.