Hi, they are used to keep the user logged in, and in admin also to store some other information such as which tab is open when editing a page.
Hi, ok but they are created even without any login feature or access to admin page.
If not logged in yet, that is a session cookie, which identifies the user to Grav, and allows to generate a token which we send for example in forms to secure them.
You can turn it off by setting
system.session.enabled to false if you don’t want it to be added.
@flaviocopes This option should be available though in the Grav admin plugin. Setting it
system.session.enabled to false, means also that you can’t login from the front-end anymore (login from back-end via Admin panel is working though).
Yes, the cookie is essential to logging in.
I mentioned the option to turn it off if you don’t actually want to add any cookie to the browser, for some reason, but that will prevent login to the site, thanks for mentioning it.