With the recent 2.5 update, EllisLab have addressed this issue head on. They've added a new set_cookie_end
hooks to hijack cookie setting and given us a new Cookie Consent module. You can read more about it in their two blog posts The Cookie Consent Module & EU Cookie Legislation and ExpressionEngine 2.5.0 Released.
The cookies in 2.x are in fact largely the same as 1.x: it's their implementation in the core that is different.
Sets the datetime that the user last visited the site, and is set for both guests and logged in users. If not set, is automatically set to 10 years ago. Affects guests and logged in users.
Tracks the last 5 pages viewed by the user, and is used primarily for redirection after logging in etc. Affects guests and logged in users.
Every time the state is updated (the page reloaded) the last activity is set to the current datetime. Used to determine expiry. This is essential for logged in users, but not for guests - it is set for both.
A uniquely generated ID that corresponds to the session_id
column in the exp_session
table. Used when cookie and session are set as the session type. Used only for logged in members.
Matches the unique_id
field in the exp_members
table. Randomly generated by the functions
class at registration. Used only for logged in members.
The encrypted password of the currently logged in user. Set if you choose the cookies and session ID method for sessions (cs
in your config.) Used only for logged in members.
A flag set by the user to determine if they are listed in the online users.
Determines the length of the session for a logged in user. There are two options for this cookie: if the user has selected remember me then it is set to 1 year, and if not then it's set to the datetime that the user logged in. Used only for logged in members.