I am currently struggling with the GDPR and all the changes it requires me to apply to my websites. One of my Wordpress websites, which uses a theme I made myself, sets a cookie named PHPSESSID which stores the session ID - not triggered by any particular action, just when any page of the website is opened.
The strange thing about it is:
1.) I definitely have nothing in my theme code that would do this.
2.) I have two identical versions of this website, one for testing on my own webspace and domain, the other on the clients domain and webspace. The provider is the same in both cases, so I suppose it's the same server configuration. The PHP version is the same (7.2). I have the same theme and plugins in both versions, still the performance site DOES set that cookie, the test site DOES NOT.
Now, all I actually want is to get rid of that cookie. I am not using any other cookies on that site and I don't want to have to put a cookie notice on that site.
Would anyone have an idea where that cookie could come from and how I could get the server/website to NOT set it?
This is for session. If you are using session by using session_start() at the most top of your script. You can find this name (PHPSESSIONID) as an option value in your php.ini following part is from mine (php on IIS)
; Name of the session (used as cookie name).
; http://php.net/session.name
session.name = PHPSESSID
I suspect that (without having trying) that you have a cookie because there is an other option set
; Whether to use cookies.
; http://php.net/session.use-cookies
session.use_cookies = 1
you can read more about session and session cookies here http://php.net/manual/en/session.configuration.php#ini.session.use-cookies