Cookie-free domains

is it possible to use cookie-free domains in grav?
in wordpress it can be done like in this article
but i dont know how to achieve it in grav, any idea or hints?

thanks and best regards


I would be interested in disabling session cookies, too. Also there is a setting session.enabled in user/config/system.yaml, setting it to false throws an error (“Server Error … 0 - The Login plugin requires “system.session” to be enabled”). Since the login plugin is required if using the admin UI, it’s not possible to disable session cookies even for pages not containing any form.

However, it should be possible to suppress session cookies for regular web pages not containing forms, shouldn’t it? Pages with forms such as login pages could override the session.enabled setting explicitly or implicitly.

You could use different environments. Use ‘’ with cookies and disable cookies for

i’ve followed the step in the link above:

any idea how to achieve it in grav way?

how to disable cookies in grav?

thanks and best regards,

As I wrote in my reply, set session.enabled to false in user/config/system.yaml to disable cookies.

Problem are restricted and contact pages in the domain still requiring session cookies. It would be possible to just enable session for those pages, but if I understand it correctly, code in the login plugin has to be changed for this, since the login plugin checks for the session.enabled setting globally (file user/plugins/login/login.php, lines 69-72).

Is-it possible to override this login plugin with a “clean way” ?

Finally I just commented “throw new \RuntimeException(‘The Login plugin requires “system.session” to be enabled’);” on line 81 (file user/plugins/login/login.php) and set session.enabled to false in user/config/system.yaml.

In fact the system only checks if session is enabled to get “an authorization”.
If you don’t check system.session, the login plugin will create the session too.

Much easier since Grav 1.4.6:
system session.enabled to true and
system session.initialize to false

1 Like

I also am interested in creating a cookie-free site (because I don’t see why it would need one and GDPR makes cookies a bit of a hassle). I just tried what you suggested @arank, but the grav-site cookie still pops up again. I tried clearing the cache but to no avail. How do I get rid of that cookie?

EDIT: I am so sorry! I uploaded it into the wrong directory… :sweat_smile: Now that’s fixed, the cookie is gone and everything is working like a charm. So thank you very much @arank!

I tried this because I only want cookies when login plugin is being used and not for anonymous users, but ticking box remember me results in error page and not ticking it doesn’t get you logged in. Am i missing something here?

The reason I want this is because I am picking a fight with Varnish…as a trial-and-error-dude I really shouldn’t, but I can’t let go