How To Change Cookie Settings in Magento 2.x

Cookie Definition:

Once a user enables cookies on a website, the site stores the user's data (username and password as unique identifiers, preferred language or location) in the browser's memory or as a small text file. The client's cookies are sent to the server to transmit this data, and the stored information improves the shopping experience when the user visits the store site again.

How Many Types of Website Cookies

The Website Cookie Law and Regulations


Follow the steps below to change cookie settings in the Magento 2 Admin.

[1]- Go to STORES > Configuration; this opens the configuration page.

[2]- In the left panel, click General > Web; the settings open in the [Right Panel].

[3]- Once redirected to the [Right Panel]

[4]- Click / expand Default Cookie Settings in the [Right Panel].

Each input field of Default Cookie Settings is defined as follows:

[4.1]- Cookie Lifetime: The default is 3600 seconds (1 hour). For a custom cookie lifetime, enter a custom value (in seconds) as per the store's requirements.

[4.2]- Cookie Path: If the admin wants cookies to be available to other folders, enter a forward slash to keep the cookies available anywhere on the site.

[4.3]- Cookie Domain: If the admin wants to enable cookies for a specific subdomain, set this field. Enter something like “.domain.com” to enable cookies for all the subdomains. Remember to put a dot (.) before the domain name.

[4.4]- Use HTTP Only: Set to Yes by default, to prevent scripting languages from gaining access to cookies.

The General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) require online merchants to make the process of collecting customer personal data secure, transparent, and subject to customer consent. To protect cookies from theft, the admin should apply the HttpOnly attribute, which prevents JavaScript from accessing cookies.

By default, Magento 2 checks whether HTTPS is enabled and sets the cookie Secure flag automatically.

The HttpOnly attribute (flag) is controlled by Use HTTP Only; always select Yes.

Never set Use HTTP Only to No, because doing so creates a security vulnerability.

[4.5]- Cookie Restriction Mode: Set to No by default. To enable Cookie Restriction Mode, select Yes.

Cookie Restriction Mode prevents the web store from collecting customers' cookie data, so full-featured operations cannot be enabled. In this mode, customers have to confirm that the website needs cookies to allow full-featured operations and a better shopping experience.

[5]- Click the Save Config button and run the CLI flush command.
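
To confirm that the saved settings are what the storefront actually sends, the Set-Cookie response headers can be audited against the values entered above. The following is an added example, not part of the original article or Magento's own code. The sample headers, the expected domain ".example.com", and the assumption that Cookie Lifetime appears as Max-Age on the session cookie are constructed for illustration.

```python
# Added example: audit Set-Cookie headers against the Default Cookie Settings.
# EXPECTED and SAMPLE_HEADERS are constructed values, not taken from a real store.
EXPECTED = {"lifetime": 3600, "path": "/", "domain": ".example.com"}

SAMPLE_HEADERS = [
    "PHPSESSID=abc123; expires=Thu, 01 Jan 2026 01:00:00 GMT; Max-Age=3600; "
    "path=/; domain=.example.com; secure; HttpOnly; SameSite=Lax",
    "PHPSESSID=abc123; Max-Age=86400; path=/shop; domain=shop.example.com",
]


def parse_set_cookie(header):
    """Return (cookie name, attributes) with attribute names lower-cased."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0]
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit(header, https=True, expected=EXPECTED):
    """List every way one Set-Cookie header deviates from the expected settings."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:  # corresponds to Use HTTP Only = No
        findings.append("HttpOnly missing: cookie is readable from JavaScript")
    if https and "secure" not in attrs:
        findings.append("Secure missing although the store is served over HTTPS")
    if attrs.get("path") != expected["path"]:
        findings.append(f"Path is {attrs.get('path')!r}, expected {expected['path']!r}")
    if attrs.get("domain") != expected["domain"]:
        findings.append(f"Domain is {attrs.get('domain')!r}, expected {expected['domain']!r}")
    max_age = attrs.get("max-age", "")
    if not max_age.isdigit() or int(max_age) != expected["lifetime"]:
        findings.append(f"Max-Age is {max_age!r}, expected {expected['lifetime']}")
    return name, findings


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, findings = audit(header)
        print(name, "OK" if not findings else findings)
```

Replace SAMPLE_HEADERS with the Set-Cookie lines captured from the store's own responses, and EXPECTED with the values saved in the Admin.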


