I have a client that has a site in Germany. Due to Germany privacy laws and the client's request, I need to use session cookies or "convenience cookies" instead of tracking cookies. The requirement simply is that the cookie must be deleted when the users closes the browser.
I can't tell what type of cookies google is using and if there a way to configure this in Google Analytics.
Google Analytics uses a permanent cookie (i.e. one with a long lifetime that is renewed every time the visitor returns) and you cannot configure cookie lifetime in Google Analytics. The cookie stores a client id and is required to recognize recurring users; your client will not be able to recongize recurring users or to create user based segments. I doubt that GA makes that much sense under the circumstances.
What you can do is to configure Google not to set cookies at all by setting the "storage:none" option when you create the tracker. Then you could set a client id for the session in a session cookie, and pass the value as client id to the tracker.
ga('create', 'UA-XXXX-Y', {
'storage':'none',
'clientId': 'value from the cookie'
});
Btw. German law does not require you to use session cookies only (you need to provide a comprehensive privacy policy, an opportunity for an opt-out from tracking and your client needs an agreement with Google pertaining to the processing of data on behalf of your client, a "Vereinbarung zur Auftragsdatenvereinbarung". Google provides a document that you just need to sign. And you must not save personally identifiable data). So this is probably just your client being a bit overcautious.
Just came across this question since I had to do something similar for compliance. The solution to set the GA cookies to session is as follows:
ga('create', 'UA-XXXX-Y', {
'cookieExpires': 0,
'cookieFlags': 'expires=0;secure;samesite=none;httponly'
});
Hopefully it solves the issue for anyone looking for it
