WordPress is installing a PHPSESSID cookie as soon as someone lands on my site. Under new EU law if its non-essential i have to block it so that a user can opt-in. But if it is essential its ok as long as I detail its use on my site. This is the problem.
I look after about 20 WordPress sites and only 2 of them install a PHPSESSID cookie immediately.
I cant see why. Its definitely not caused by any of my more unusual code or any of the plugins as I have stripped it down to its barebones and its still doing it.
I know WordPress is installing it and I assume it’s essential (which will mean it’s ok according to the new directive) but I still need to detail it on my cookies page.
But I dont know what it is and cant find anything on the web 🙁
Both of the sites affected don’t give the option for login. Whereas a load of the others do and they don’t install that cookie so I have no idea what its purpose is.
Can anyone say what this cookie does and why only 2 of my sites are installing it into the browser?
Both use latest version of WP and there is nothing like an ecommerce element in either site.
cheers
James
The cookie looks like it is being set by the PHP session handling process. WordPress ‘out of the box’ doesn’t use sessions, which would seem to point towards either your theme or a plugin.
If you search your code base for ‘session_start’ you may be able to track down where the session is being initiated.
PHP can also be set to auto start sessions. You may also need to check your php.ini file(s) for the ‘session.auto_start’ property.