How to Configure Magento 2 Cookies?

Cookies can hardly be treated as a new concept. Most web users know that cookies generate small-sized files to store user-related information. We can all agree that cookie messages can be irritating. But it is a necessary measure to obtain customers' consent for collecting their personal data, which is as important as terms and conditions.

So, if you were wondering whether Magento 2 has some cookie settings that can be configured, then the answer is Yes. You can easily configure cookie settings in Magento right from the admin panel and adjust them to your store's requirements. 

In this article, you'll refresh your memory of the subject and learn how to configure Magento 2 cookies, and how to edit cookies policy and message.

What are Cookies?

Cookies can be referred to as small files of information that are generated by the web and saved on your computer. They store users' online session data, such as their navigation or the number of visits to a particular page. Cookies are mostly used to create a personalized experience for customers and generate suggestions based on their previous steps.

These can prove to be useful for store owners as well. They can track clients' journeys through the website and use that information to tweak their strategy. 

If you have heard of the GDPR at least once, you have a notion that cookie notifications are required in the European Union. So, due to privacy concerns, you might want to know how these notifications can be enabled in Magento 2.

How to Configure Magento 2 Cookies?

To configure cookies in Magento 2:

1. Go to Stores > Settings > Configuration > General > Web > Default Cookie Settings.

2. Specify the Cookie Lifetime, which defines how long the cookies will be stored on the customer's computer. The default value is 3600 seconds, but if you want the cookies to expire right after the customer leaves the browser, enter 0 in this field.

3. Enter the Cookie Path to specify where the notification has to be displayed. If you want it to be shown on all the pages, use a slash (/) in this field.

Default cookie settings in Magento 2

4. Add the subdomain in the Cookie Domain field. If you would like to enable the cookies for all the subdomains you are using, enter here the corresponding domain preceded by the full stop, e.g. ".domain.com".

5. In the Use HTTP Only field, choose Yes. It'll restrict other programming languages from having access to the cookie files. 

6. Select Yes for the Cookie Restriction Mode to enable cookie messages on the storefront. 

How to configure default cookie settings in Magento 2?

7. Press the Save Config button. 

As time passes, you might need to refresh the cookie policy of your Magento 2 store. To do so:

1. Go to Content > Elements > Pages

2. Find the Privacy Policy page and select Edit from the Action dropdown.

Magento 2 CMS pages

3. Enable the page if you haven't done it already. 

4. Jump to the Content section and add the necessary changes. 

Edit privacy policy in Magento 2

5. Choose the Store View where this page has to be displayed in the Page in Websites section.

Pages in websites

6. Press the Save button and check the privacy policy page on the storefront. This is how the privacy policy page will be displayed in your Magento store:

Storefront Magento privacy policy page

If you want to update the cookie popup message, you can also do that via the admin panel. The set of steps you have to take is pretty much similar to that in the previous section. 

1. Go to Content > Elements > Pages.

2. Move to the Enable Cookies page and choose the Edit option from the Action dropdown.

Magento 2 CMS pages grid

3. Enable the page.

4. Tweak the cookie message, by adding the corresponding adjustments in the Content section.

Edit cookie message in Magento 2

5. In the Page in Websites section, choose Store View to display the cookie message. 

Pages in websites Magento

6. Once you're ready with the update, press the Save button.

This is how the default cookie settings in Magento can be configured. As simple as that! You just need to make sure to enter the accurate details to make everything work properly.  

Another thing you need to take into account is the Consent Mode v2 introduced by Google. It covers the EEA and the UK area and sets new requirements for advertisers and Google Tag Manager tracking. The new regulations are aimed at protecting customer personal data and privacy.

The question is: what should you do to comply with the new regulations? Let's break it down.

If you use Magento 2 Google Tag Manager & GA4 Extension, no changes are neede since the corresponding compliance was added in v2.5.3. Thus, if you have the default Magento cookie popup, just make sure you also have a relevant GTM extension version. The same goes for the Google-authorized CMP Partners.

gdpr in magento google tag manager

In case you use some third-party consent extensions, reach out to your service providers to ensure their solution is compatible with Consent Mode v2.

It may also be that you implemented some custom solutions for GTM tracking and cookie consent. In this case, make sure your developers follow the Google Developer Guide to add the necessary changes as per the requirements.

To sum everything up, you now have clear steps to configure the default Magento cookie settings and know how easy it actually is. Besides, with the Consent Mode v2 in mind, you can adjust your settings properly to comply with all regulations. 

However, cookies are not the only thing to configure. Once you finish configuring cookies, you should enable Magento reCAPTCHA to protect your store from any spam or brute force attacks.