Vanguard,

Session cookies are [supposed to] get erased when the web session exits.

And that has .... what to do with GDPR consent ?

Sites that interject their "Accept (our cookie)" aren't declaring
if they are for session or permanent (expiring) cookies, and they
don't care.

Thats a lot of words for saying "nothing". :-)

GPDR excludes session cookies now, but since when has GPDR
been fixed in stone?

Lol. Kid, throwing FUD around doesn't score you any points.

Also, the GDPR has never included rules about session cookies, as it isn't
even about cookies to begin with (as you should have be aware of by now).
The clarification of "functional cookes" vs "tracking cookies" was only
added later, to help the more "morinic" businesses/website owners understand
what they could and couldn't do.

Alas, that has not stopped the more nefarious companies to keep yip-yapping
about how problematic it would be to run a website without being allowed to
use cookies, as well as them push the "the GDPR forces us to ask for consent
so we can place a session cookie on your system" narrative towards visitors.

The very same misguided claim you threw around and which got our
conversation started with by the way.

That they create ANY cookie is why they present the
prompt. It's their means of legal indemnification now
and later.

:-) Who is paying you to blabber this kind of propaganda ?

For later ? When was the last time in your country a Law was retroactivily
applied ? For now ? They had ample time (years) to become aware that
(short-lived) "functional cookies" do not fall under the GDPR - and never
can.

No kid, you know well enough why the different companies are trying to put
the GDPR in a bad light by bothering visitors with consent that they
supposedly need to give for even a session cookie - its simply a
multi-pronged attack.

Either the visitor will get tired of ticking all of the the "no" boxes and
just press the "yes"button so they can go on, or will start to take a stand
against the GDPR because of the bull**** those companies have been feeding
them.

And thats besides, as mentioned before, forcing the visitor to (re)enable
long-lived cookies and accept an effectivily opt-out system (by way of a
"no" cookie) for the consent form itself *and* having to accept that such a
"consent" cookie content is unreadable - there is no way to check if it
reflects the made choice(s).

A so called no-lose situation. The only queston is how big the win will
be.

Kid, when you started I considered you to be part of that lattter,
mis-informed (bull****ted to) group. Though currently I get a kind of
'Stockholm syndrome' vibe ...

Regards,
Rudy Wieser