Home > WooCommerce > Docs > An Ultimate Guide To Using Cookies In WooCommerce

An Ultimate Guide To Using Cookies In WooCommerce

Last updated: April 01, 2024

This article has been written and researched by our expert Avada through a precise methodology. Learn more about our methodology

Sam

Author

Daniel

Researcher

To give them their full name, cookies or HTTP cookies are text files made up of small pieces of data that are kept on a computer browser. Websites employ these little pieces of data to follow a user’s path, allowing them to offer services tailored to each particular user. As a result, cookies are essential to the operation of a website. They can, for instance, be used as shopping carts on e-commerce platforms.

Today, we’ll show you an ultimate guide to using cookies in WooCommerce. Specifically, everything you need to know about how WordPress utilizes them, as well as some typical difficulties to be aware of (especially as a developer) when hosting your website, writing custom code, or using a third-party plugin.

What are cookies?

First, let’s take a look at the simple definition of cookies. A cookie (also known as a web cookie, tracking cookie, HTTP cookie, or browser cookie) is a small unit of information that a user’s browser (Chrome, Firefox, etc.) stores when they visit a website. It comprises browser activity information and is often used to tailor the user’s experience or for authentication and verification. Session cookies and persistent cookies are two types of cookies that are commonly used.

Cookies are the important parts of internet browsers

Cookies are used to enhance the functionality of a website. The following are some examples of how cookies are often used on various websites:

Login information for users should be saved and managed.
During a user’s visit, protect temporary session information.
ECommerce stores use cookies to remember cart items throughout a user’s visit.
Tracking user behavior on a website allows for a more tailored user experience.
And so much more.

As you can see, cookies are a precious tool for website owners, but they can also be rather intrusive. Recent advancements in email marketing, growth hacking, and overall internet marketing enable websites to create cookies that behave as beacons and may store and even share user behavior between websites. As a result, the European Union made the EU Cookie Law, which compels website owners to state whether or not they use cookies to keep information.

How people use cookies to optimize their online stores

WordPress utilizes cookies by default to maintain logged-in user sessions and authentication. Cookies are also used to remember a user’s name and email address when filling out a comment form. Many WooCommerce plugins on your website, however, may also set their cookies. For example, OptinMonster lets you present alternative email opt-in forms to new vs. returning visitors, and it does so by utilizing cookies. If you use third-party services on your websites, such as Google Analytics or Google AdSense, they may also place cookies on your site. All website cookies may be seen in your browser’s settings. In Google Chrome, for example, go to settings and search for content settings.

Find the content settings section

To open the cookies settings page, click on Cookies under content settings.

Click on Cookies

Then, choose the All cookies and site data checkbox.

Select the All cookies and site data

On the next screen, you will see a list of all cookies and site data that have been saved on your browser by all websites you have visited. You may put a website URL into the search box, and it will display the data that the website has saved.

Put your URL here

When you click on a single item, you will be sent to a page with further information about that cookie and its contents.

Some most used cookies set by WooCommerce

WooCommerce utilizes cookies in a variety of ways. Cookies are reliant on the functionalities that are enabled on a website. Cookies are activated when users interact with one of these features or perform admin operations from the store’s dashboard (/wp-admin). Details are provided in the tables below, which detail the numerous cookies set for users of stores that utilize the WooCommerce plugin.

Cookies will have you manage your WooCommerece CMS system

Here is the list of the most used cookies in WooCommerce:

Woocommerce_cart_hash: Assists WooCommerce in determining when the cart contents/data change.
Woocommerce_items_in_cart: Assists WooCommerce in determining when the cart contents/data change.
Wp_woocommerce_session_: Provides a specific code for each user to recognize where to look in the database for each client’s cart data.
Woocommerce_recently_viewed: This script is responsible for the Recently Viewed Products widget.
store_notice[notice id]: Enables customers to opt-out of the Store Notice.
Woocommerce_snooze_suggestions__[suggestion]: If activated, allows dashboard customers to reject Marketplace suggestions.
Woocommerce_dismissed_suggestions__[context]: If activated, count of recommendation rejections.
Tk_ai: Stores an anonymous ID that is created randomly. If enabled, this is only utilized within the dashboard (/wp-admin) section and is used for traffic tracking.

How to manage cookies in WooCommerce

When we talk about WordPress core, we mean the files that comprise the open-source project before installing any third-party plugins or themes. It’s WordPress in its simplest form, as we like to refer to it. Now that you understand what a cookie is and the various sorts, let’s look at why and how WooCommerce uses cookies to make all that happen behind the scenes.

When a user registers into the WooCommerce admin dashboard, login cookies contain authentication information. According to the WordPress Codex, the following session cookies are set:

When you log in, WordPress utilizes the WordPress [hash] cookie to save authentication data (restricted to the /wp-admin/ area).
WordPress stores the WordPress logged-in [hash] cookie once you log in. This showed when you logged in and who you were.

You can use the login cookies to check user login history like this

When you attempt to access the backend of your WordPress site, a check is made to determine if the two cookies mentioned above are present and have not expired. This is how you can miraculously avoid the wp-login.php screen. Wp-settings-time-[UID] cookies are also set by WordPress. The ID is your WordPress user ID from the users’ database table. This is where you may save your customized dashboard and admin interface settings.

Comment cookies

When a customer comments on a blog article, cookies are automatically set (with an expiration of 347 days). This is done so that they won’t have to fill out all of the information again if they return later. The three cookies listed below are saved:

comment_author_[hash]
comment_author_email_[hash]
Comment_author_url_[hash]

This how you activate comment cookies from your dashboard

However, with recent privacy policy initiatives set about through the GDPR, WordPress core has added additional tools to ensure that users may opt-in to these cookies being placed. If it is not already enabled, this setting may be found in your WordPress admin panel under “Settings Discussion.” Select the “Show comments cookies opt-in checkbox” option. You may also show a privacy warning using the popular Akismet plugin.

To start using this technique, remember to add code to your theme’s functions.php file or a site-specific plugin, and don’t forget to backup your database. First, we’ll utilize PHP’s setcookie() method. This function accepts the following arguments:

Name of a cookie
Cookie’s valuation.
Expiration date (Optional: sets a period after which cookie expires).
Path (optional; the site’s root will be used by default).
Domain (Optional; by default, your website’s domain is used).
Security (Optional, If true, then only transfers cookie data via HTTPS).
Only HTTP is supported (Optional, when set true, the cookie is only accessible via HTTP and cannot be used by scripts).

Let’s now include a code snippet into your WooCommerce site. This code saves the precise timestamp of a user’s visit to your website in a cookie.

function wpb_cookies_tutorial1() { 
 
$visit_time = date('F j, Y  g:i a');
 
if(!isset($_COOKIE[wpb_visit_time])) {
 
// set a cookie for 1 year
setcookie('wpb_visit_time', $visit_time, time()+31556926);
 
}
 
}

You may now go to your website and verify your browser’s cookies. A cookie with the name wpb_visit_time can be found.

Now that we’ve created this cookie that will be saved in the user’s browser for one year, let’s look at how we might use this information in the system. If you know the specifics of a cookie, you can access it in PHP by utilizing the cookie variable. Let’s implement some code that not only saves the cookie but also uses it on your page.

function wpb_cookies_tutorial2() { 
// Time of user's visit
$visit_time = date('F j, Y g:i a');
 
// Check if cookie is already set
if(isset($_COOKIE['wpb_visit_time'])) {
 
// Do this if cookie is set 
function visitor_greeting() {
 
// Use information stored in the cookie 
$lastvisit = $_COOKIE['wpb_visit_time'];
 
$string .= 'You last visited our website '. $lastvisit .'. Check out whats new'; 
 
return $string;
}   
 
} else { 
 
// Do this if the cookie doesn't exist
function visitor_greeting() { 
$string .= 'New here? Check out these resources...' ;
return $string;
}   
 
// Set the cookie
setcookie('wpb_visit_time',  $visit_time, time()+31556926);
}
 
// Add a shortcode 
add_shortcode('greet_me', 'visitor_greeting');
 
} 
add_action('init', 'wpb_cookies_tutorial2');

The code has been commented to show you what each portion performs. This code retrieves information from the cookie and outputs it using the shortcode. You can now use the shortcode [greet_me] anywhere on your website to display when a user last visited. Modify the code as needed to make it more helpful for your website. You can, for example, display recent posts to returning users and great posts to new subscribers.

Delete cookies

Up to this point, we’ve learned how to establish a cookie and afterward use it on your website. Let’s look at how to remove a cookie currently. To remove a cookie, add an additional line to your code.

unset($_COOKIE['wpb_visit_time']);

Remember to change wpb_visit_time with the name of the cookie you want to remove. Let’s utilize the same sample code we used earlier to put this code into context. This time, we’ll erase a cookie and replace it with new data.

function wpb_cookies_tutorial2() { 
// Time of user's visit
$visit_time = date('F j, Y g:i a');
 
// Check if cookie is already set
if(isset($_COOKIE['wpb_visit_time'])) {
 
// Do this if cookie is set 
function visitor_greeting() {
 
// Use information stored in the cookie 
$lastvisit = $_COOKIE['wpb_visit_time'];
 
$string .= 'You last visited our website '. $lastvisit .'. Check out whats new'; 
 
// Delete the old cookie so that we can set it again with updated time
unset($_COOKIE['wpb_visit_time']); 
 
return $string;
}   
 
} else { 
// Do this if the cookie doesn't exist
function visitor_greeting() { 
$string .= 'New here? Check out these resources...' ;
return $string;
}   
}
add_shortcode('greet_me', 'visitor_greeting');
 
// Set or Reset the cookie
setcookie('wpb_visit_time',  $visit_time, time()+31556926);
} 
add_action('init', 'wpb_cookies_tutorial2');

As you can see, this code deletes the cookie after we have used the information it contains. Later, we re-set the cookie with the new up-to-date information.

See and clear cookies

Cookies on a website are simple to view and delete. To discover what cookies have been put on a particular site, navigate and click on the small padlock icon at the top. Then select Cookies.

Select Cookies

Then navigate to the website’s folder. In the sample below, you can see that a couple of WooCommerce cookies have been set, as well as the WordPress, logged-in [hash] cookie. You may also check when the cookie will expire and if it is a permanent or session cookie (when the browsing session ends).

You can edit and remove cookies here

Simply click on an individual cookie and then click the Delete button to remove it. This is also possible at the folder level or in Chrome DevTools.

GDPR is a new data protection regulation that went into force on May 25th, 2018. It was intended to reestablish citizens’ authority over their data. Here’s an example of a modification we implemented at Kinsta to comply with the new regulation. When you first visit our website, you may have noticed a “Accept Cookies” prompt at the bottom of the screen. This is because we are now legally compelled to give users the ability to opt-in and opt-out of cookie placement. Gone are the days when you could just run whatever you wanted without telling consumers about data collecting.

Turn on necessary cookies

Conclusion

Cookies are essential to the internet, but they also have drawbacks. They offer a website with business-critical functions, but they also present users with various privacy and security concerns. However, cookies aren’t going away anytime soon because most websites employ them in some fashion.

We hope this ultimate guide to using cookies in WooCommerce will help you manage your online store effectively. As a result, by learning how cookies operate and how to protect yourself against cookie fraud and invasion of privacy, you will be better equipped to make use of them without putting yourself in danger.

Sam Nguyen

Sam Nguyen is the CEO and founder of Avada Commerce, an e-commerce solution provider headquartered in Singapore. He is an expert on the Shopify e-commerce platform for online stores and retail point-of-sale systems. Sam loves talking about e-commerce and he aims to help over a million online businesses grow and thrive.