Hacker News new | ask | show | jobs
by mcpackieh 1019 days ago
Strictly necessary cookies do not have to be session cookies. If you read https://gdpr.eu/cookies/ it says they generally will be session cookies, not that they must be. If you think it is appropriate for your users to be already logged in the next time they run their web browser, using a persistent cookie for that is permitted.
1 comments
friendzis 1019 days ago
Yes, they can become persistent once you get consent or other grounds. You probably get that consent in registration form and "recall" it on login. Otherwise you process data from across sessions, which is a huge red flag.
link
mcpackieh 1018 days ago
Wrong, you don't need consent for these kind of cookies.
link