All About Cookies and Sessions in WordPress

The word cookies alone is mouthwatering. After all, who doesn’t enjoy a cookie or two? If you think you’re the only one who likes cookies, think again! Your computer browser may have a crush on cookies as well. Have you ever wondered how a lot of websites you visit remember things about you? Cookies are responsible for some of the personalization and behavioral targeting used on websites. Cookies are a useful tool that store temporary information in a user’s browser and then use this information to enhance user experience through personalization and behavioral targeting. Most WordPress websites set cookies at specific times, such as when a user logs in or leaves a comment. Many plugins also use cookies to store information that they need to work properly. Since the WordPress core is a stateless application, handling cookies can get a bit tricky. Keep reading as we take a deep dive into cookies and sessions in WordPress.

What Are Cookies?

“Cookies are files created by websites you visit. They make your online experience easier by saving browsing information. With cookies, sites can keep you signed in, remember your site preferences, and give you locally relevant content.”

A cookie is also referred to as a web cookie, tracking cookie, HTTP cookie, or browser cookie. Cookies contain information regarding user activity that is generally used to enhance user experience. The website usually stores the temporary information in cookies that can be used to offer a more personalized user experience or for authentication and verification purposes.
Some common uses of cookies include:

– Cookies store and maintain a user’s login information so they don’t have to type it in every time they visit a website. This way you no longer have to remember your usernames and passwords for every site you sign up on.

– In the case of eCommerce websites, cookies store the data of the user, like what a user added to the cart, items a user saw on the website and the name or email address they used on the website. This information is then preserved as the user moves from page to page or on subsequent visits.

– Cookies can store your IP address and show you personalized content according to your geographical location.

– Targeted ads are served according to the user’s behavior, which is gauged from cookies stored.

Since cookies have become so ubiquitous on the web, some countries and regions have passed specific legislation regulating how they can be used. However, a user can delete cookies from their web browser by going to the privacy section of their browser’s settings.

Cookies and GDPR

Passed on May 25. 2018, the General Data Protection Regulation (GDPR) is the main data privacy and protection law governing how cookies are used online. Under the GDPR, companies and site owners are required to be transparent about how they gather, use and share personal data, aiming to give individuals greater control over their personal data.

The first step to GDPR compliance is telling visitors that your site collects personal data and informing them of their rights under the regulation. The aim is to be as transparent as possible. You must provide a list of the information you are collecting and offer users the chance to give consent. Additionally, users should have the option to view the information you have collected about them and choose to remove specific information as desired. GDPR compliance is about more than just cookies, but it’s a start!

PHP Sessions

An alternative to the standard cookie approach is the PHP session.

A session is a kind of like a digital ID card: Each time when you visit a website you’ll be assigned one for the duration of your visit and it will be used to identify you during your time on the site. A PHP session is much like a normal session that ends when the user closes their browser. Sessions are unique to users.

Performance and caching issues are key concerns with PHP sessions. If you plan to collect session data, a combination of browser cookies and database rows could be the ideal solution, as it’s what many plugins and theme developers opt for.

Cookies and WordPress

Just like every other web application WordPress also uses cookies to store user information on the browser. WordPress has two ways of managing cookies: Via the source code of WordPress itself, or by implementing several plugins that are responsible for creating and holding cookies according to GDPR criteria. For example, if you use a related posts plugin, it probably takes advantage of cookies to store information about which pages users have viewed. WordPress also uses cookies to remember a user’s name and email address if they fill out a comment form. Two types of cookies are generated by default, in WordPress:

  • Comment Cookies: Comment cookies, as the name suggests, are created when a user comments on a post in WordPress. When a user leaves a comment, their name, email and website address are saved in comment cookies so that the next time they come and comment they don’t have to reenter those details.
    However, with recent privacy policy changes due to GDPR, new tools have been introduced by WordPress core to make sure you let users opt-in to these cookies being set. This setting, if not already set, can be enabled under “Settings → Discussion” in your WordPress admin dashboard. Select the option to “Show comments cookies opt-in checkbox.” By default, the commenter’s cookie expires after 347 days.
  • Login Cookies: Session cookies are set when a user logs in to a WordPress site. A session is maintained for the user wherein their credentials are secured for a period of time.
    They store the user’s authentication details and admin area settings and expire after 15 days, at which point the user will have to log in again. A typical example is when you log in to your dashboard. The user’s cookie is used by the WordPress admin to automatically log in users, and keep them logged in for the duration it lasts. When you try to access the backend of your WordPress site, a check is done to see if the session cookies exist and haven’t expired. This is what allows you to magically bypass the login screen.

There are two different types of cookies in WordPress that are commonly used,   session cookies and persistent cookies.

  • Session Cookies: Session cookies are temporary cookies saved for the duration of a session. Session cookies are also known as transient cookies. These cookies store information about the activities users perform during a single session. They are used to maintain data about your activities as you browse through a site but are erased at the end of your session. A typical example can be seen in an eCommerce website, where session cookies are used to remember the items in your cart as you navigate the website. Without cookies, you could never check out as your cart would be emptied each time you navigated to the checkout page.
  • Persistent Cookies: As the name suggests, these cookies persist to function beyond a single session. These are often used to manage user preferences over longer periods of time.
    For example, when you tick the “remember me” box before logging into a website, a persistent cookie is set on your browser.

Cookies with Third-Party Themes and Plugins

Third-party plugins and themes in WordPress use the cookie functionality as well. WordPress by default is stateless and doesn’t maintain sessions, meaning it displays the same behavior regardless of the user navigating the site. Most plugins and themes make use of browser cookies. WordPress plugins may use the information stored in the default cookies to provide personalization features. Plugins may also store their own cookies. 

Since WordPress is pretty much stateless it doesn’t provide the functionality to create shopping carts using cookies or retrieve visitors’ personal data via cookies to improve user experience. Thus for optimal efficiency, different types of WordPress sites might also need a set of different cookies up their sleeves. For example, an eCommerce site will always need cookies for the better conduct of shopping carts, wish lists and customer preferences.

Is My Site Using Cookies?

To see what cookies are set on a specific site, browse to that site and click on the little padlock icon at the top. Then click on “Cookies.” Keep in mind that you will see cookies from every website. Thus, to ensure you only see the cookies that your website uses, you should clear the cookies from your browser first. Then simply visit your website for your browser to acquire the cookies it uses.

To find out if a website has cookies, check the ‘developer console’ of your browser and, in some cases, the address bar. Keep in mind that you should browse the site in private mode to prevent loading cookies from other websites. Also, make sure to turn off the blocking of cookies from your browser.

To check cookies in Chrome:

1. Right-click on the website and click Inspect to open the developer console of Chrome.

cookies and sessions in WordPress - inspect on chrome

2. Select the tab Applications.

3. Expand the Cookies in the drop-down menu on the left. You will see all the cookies that the website uses on the right. It shows the details, such as the name, value, and attributes of the cookies.

cookies and sessions in WordPress - chrome Application

4. You can also open the console by selecting More Tools and then clicking Developer Tools.

How to Delete Cookies

It’s easy to see and clear cookies on a website. Although cookies have an expiration date, you may consider clearing them after some time because they conflict with caches and may slow down the loading speed for that website. Any user can delete cookies from their web browser by going to the privacy section on their browser’s settings. Alternatively, you can search for or clear all cookies in your browser. In order to clear cookies from a particular website on Google Chrome follow these steps:

1. On your computer, open Chrome.

2.  At the top right, click More and then Settings.

3. Click Privacy and security and then Cookies and other site data.

cookies and sessions in WordPress

4. Click See all site data and permissions.

5. At the top right, search for the website’s name.

6. To the right of the site, click Remove.

7. To confirm, click Clear.

If you use Safari, Firefox or another browser, check this guide for instructions.

Conclusion

That’s all we have to cover about cookies and sessions in WordPress in today’s article. I hope this article sheds some light on the many attributes cookies have and how WordPress is using them. Cookies are currently what makes the world go round and are important for pretty much everything that happens on a WordPress site, from keeping us logged in to ensuring a smooth shopping cart experience and even making sure that a popup window stays closed. As always, remember that cookies are one of the many ways websites can provide a better browsing experience for their users. By understanding how WordPress handles cookies, you can easily personalize your website for each user you have.

Recommended Posts

1 Comment

  1. Hi! Is there any way to write a cookie text by copying it from another website? or does it have to be entirely made by me


Add a Comment

Your email address will not be published.