Kirby session cookie purpose

Hi all,

I am putting together the privacy policy for a new site. The site is only setting one cookie that I can see - a kirby_session cookie. The only plugin I am using is Uniform from @mzur for a couple of contact forms, I guess this may be related to that?

I would like to inform visitors what this cookie is and why it is set, ideally in easy to understand terms. Is there anywhere I can read up on what it is doing and why it is there?

This page might be helpful. Kirby & Privacy | Kirby CMS (getkirby.com)

Someone correct me here if I’m wrong but you should only see the kirby_session session cookie if you’re logged into your panel or frontend.

The cookie won’t be set if a user just browses the site without logging in. Unless you have some custom setup, but as you mentioned you only got a few forms… Try an InPrivate window and see if you get the cookie by just browsing the site.

The Uniform plugin uses the csrf() helper which creates a session cookie, Kirby & Privacy | Kirby CMS

Note that these sorts of cookies are purely functional and should not require a cookie banner.

2 Likes

Actually they kind of do!

For a web project I had the budget to pay a lawyer to make a proper privacy notice and we had the same argument. Obviously he won.

You need to inform the user that you are saving cookies.

So in this technical cookie case you don’t need a full high-end compliance banner, more a note that you are setting these cookies when they click here… and it is required to click here…
:joy::face_with_peeking_eye:

The same goes for third-party tools or services (running or connecting to other servers) you are implementing. Another issue.

I mean it sounds stupid, but to make it bulletproof for the case some bot finds and crawls through your page, that's how you should do it.

The question would be, when does Uniform set the session cookie? Maybe you only need the cookie banner on the subpage with a form?!
Or setting a hook before the cookie is set, when you click in the first input field or something like that.

The use of forms requires a note before sending as well! This could be a link to the section in the privacy notice, telling the user what you are doing with the data and how they can tell you to delete it.

Sorry for making it complicated.

While that is true, there is a difference between informing the user about the data you are collecting in the privacy page (which is necessary for all data you collect) vs. having to set up a cookie banner. And for functional cookies that are required for the proper functionality of the website, a cookie banner is not needed.

2 Likes