We have lots of open issues with the cookies Matomo is using, so I think it makes sense to collect all relevant issues we have here.

Please feel free to add more tickets and or ideas.

My plan is to find a solution and create mergeable pull requests for all these issues before the end of October so that they can be included in one of the upcoming releases and before the "SameSite" cookie flag changes get released with Chrome 80.

Cookies Matomo is using at the moment:

Cookies using the PHP Session Manager:

• Matomo Auth Cookie (MATOMO_SESSID)

Cookies using the PHP Cookie class:

• Opt-Out IgnoreCookie (piwik_ignore)
• 3rd Party Cookie (_pk_uid)
• Language Manager Cookie (matomo_lang)

Cookies used by the JS Tracker (1st party cookies):

• _pk_id
• _pk_ses
• _pk_ref
• _pk_cvar
• mtm_consent
• mtm_consent_removed

Relevant for all PHP (cookie class and php session) cookies:

• Feature request: cookie attribute SameSite=Strict Warning in Chrome console: A cookie was set without the SameSite attribute. #14395

Relevant for all PHP cookie class cookies:

• simplified cookies simplified cookies #14444

Opt-Out IgnoreCookie (piwik_ignore):

• IgnoreCookie: added support for cookie_domain and ignore cookie signature IgnoreCookie: added support for cookie_domain and ignore cookie signature #13301
• When a user opts-out, do not send any tracking requests to the Tracking API When a user opts-out, do not send any tracking requests to the Tracking API #12767
• Third party cookie in the optout cookie iframe Third party cookie in the optout cookie iframe #12454
• Ignore cookie iframe not working when different URL is used for the tracking code than the one - used for the Piwik interface Ignore cookie iframe not working when different URL is used for the tracking code than the one used for the Piwik interface #9466
• Feature request: Separate opt-out for each site Feature request: Separate opt-out for each site #6505

3rd Party Cookie (_pk_uid):

• Fix 3rd party cookie / global visitorid race condition Fix 3rd party cookie / global visitorid race condition #13109
• Tracking Cookie gets set if "DNT=1" Tracking Cookie gets set if "DNT=1" #10162

JS Tracker 1st Party cookies:

• First party cookies created in multiple domains when using "addTracker" function First party cookies created in multiple domains when using "addTracker" function #14350
• Allow reenabling cookies Allow reenabling cookies #13950
• Add possibility to turn cookies back on JS Tracker: Add possibility to turn cookies back on, enableCookies #13056