[a13n]

I mean at the end of the day whether you store it in the cookie or the URL it’s still persistent key value storage for tracking purposes, so I don’t see why the EU’s stance would be any different. It’s effectively still a cookie.

Some activities and cookies are allowed by GDPR without requesting consent, and anonymous analytics (even google analytics) is included in this, so you don’t actually even need a cookie banner to do what you’re trying to do here...

I think from a legal standpoint this is no better than cookies, it doesn’t change whether you need consent or not.

[ahmedelsama]

In addition, if you are using Saas products like Shopify, you already have unique urls for carts and orders so you can also use that without any additional engineering.

[ahmedelsama]

Honestly putting the cookie as a param is pretty clever. The challenge with cookies is there are often many cookies that point to one person. Imbedded browsers, multiple devices, cookies being refreshed by browsers. So seeing the full journey requires stitching all the cookies