Viewing 16 posts - 1 through 16 (of 16 total)
  • Author
  • #940524


    After testing the cookies on a default WP installation without any plugins I discovered Enfold sets a cookie when the site is entered by a visitor. The name of the cookie is PHPSESSID and results from the Enfold theme – the default WP themes doesn´t set any cookie.

    I searched the sourcecode for “session_start” and found it here:
    – masonry_entries.php (/enfold/config-templatebuilder/avia-shortcodes)
    – portfolio.php (/enfold/config-templatebuilder/avia-shortcodes/portfolio)
    – php.js (/enfold/config-layerslider/LayerSlider/static/codemirror/mode/php)

    Enfold version: 4.2.6

    As you know setting a cookie without acceptance by the visitor is against the law (EU GDPR). So we need to disable this cookie.
    How can this be done?

    Best regards


    Hey Jan,

    We will add an option in upcoming Enfold update which is planned to be released within a week or so :)

    Best regards,


    We will add an option in upcoming Enfold update which is planned to be released within a week or so :)

    Hey Yigit,

    I installed Enfold 4.3.1, but I can’t find the option to disable the cookie. Where is ist?

    Best regards



    I believe this was addressed via the settings Enfold Theme Options > Cookie Consent > Cookie Consent Message which doesn’t disable the cookie, but is compliant by notifying the visitor of the cookie.

    Best regards,


    Thank you, Mike, for your answer!

    So disabling the cookie is still just possible hard coded in the theme?

    Best regards,


    sorry but this is absolutely not true. The PHPSESSID is something that will be always (ubiquitär) if you visit any page. It has nothing to do with Enfold. This session cookie is normal usage in internet and if ( yes there are methods ) you kill that cookie the url is used instead! This is on my point of view even more security risky than that littel cookie with a crypted ID.
    A lot of browser even don’t list it because it is concerning to php usage standard behavior.

    the only cookie set by enfold now is that cookie consent cookie. This cookie saves your answer if you accept or deny cookie usage.

    By the way – go and deny in your browser cookie usage at all and look what happend if your start your browser?
    There was a fallback solution for that etc pp.

    Don’t get panic with GDPR (DSGVO on Germany)

    Many people now worry about the implementation of the obligation to educate on the Internet and on their websites about dataprotection.
    The risk of a written warning by lawyers is only great if the privacy statement is missing or hidden only to find. This has to remain almost always visible and clickable. Many Peaople place the cookie note in such a way that it hides the link to Privacy Policy or Imprint.

    The point of the list of processing activities is also a big point.
    You have now to have a documentation about your handling with data at your business. This list must be available at the request of the Data Protection Officer responsible for you. (Previously, anyone with legitimate interest could demand this release)

    • This reply was modified 3 years, 6 months ago by  Guenni007.

    The PHPSESSID is something that will be always (ubiquitär) if you visit any page. It has nothing to do with Enfold.

    Sorry, but that’s bare nonsense. Of course Enfold sets this session cookie. @deeluuxe listet some files where Enfold uses session_start() which causes this cookie. No standard WordPress theme does this btw. …


    If id is specified, it will replace the current session id. session_id() needs to be called before session_start() for that purpose.
    What is the reason to avoid session id?
    if f.e. here on board the session is killed – you will be loggt off.
    People use Google Adsense – Google Analytics etc. if there is a use with anonymiser than even those cookies are GDPR conform.

    by the way – these are three ALB Elements – i tested it – comment the whole line out like:

     // if(!is_admin() && !current_theme_supports('avia_no_session_support') && !session_id()) session_start();

    and upload it (best to child-theme with shortcodes loading snippet)


    This will end in bland starting pages where you can not place any films or maps.
    Self-hosted files you can use always, but that makes your server again lame.
    5Mb movies with simultaneous access of 10 users – then the performance is in the basement.
    So it’s best to start with a landing page that only contains buttons for consent and the privacy notice? These Pages than with handmade SEO etc. pp leading you to the real content start page!


    Hi there,

    fyi – for all who are interested in the correct ways:
    An attorney just let me deactivate the complete Cookie Banner for a Website without tracking and just Session ID´s!!!


    Mailchimp Cookies??

    Is there a way to deactivate the mailchimp cookies with the new Cookie Management Extension?


    I believe the mailchimp cookies are set via mailchimp, our element is more of a wrapper for their API. Perhaps mailchimp offers this option via their dashboard?

    Best regards,


    Hi, ya … but because Mailchimp is near by an integral part i was thinkng if it is too compicate to integrate it in the new Cookie notice board
    with the OptIn for the other trackingCookies?


    Sorry, I don’t understand your question, are you referring to the “Append a privacy policy message to mailchimp contact forms” option? This allows for a message but doesn’t control the cookie.

    Best regards,


    Yes that´s the point! it would be nice to have something like this for mailchimp as well.

    Google Map Settings:

    Vimeo and Youtube video embeds:


    I see, these allow the users to disable the elements, not the cookies though.
    Please request this feature on the Enfold feature request form.
    As this is where the dev team looks for ideas for new features and improvements.

    Best regards,

Viewing 16 posts - 1 through 16 (of 16 total)

You must be logged in to reply to this topic.