Exactly what is a website "Cookie"?
Cookies are small text files stored in your browser. They should not have any personally identifying information so they typicallly look something like:
Not that good looking. But they let the web site know it's you, and that you are logged in. For Tendenci, which is built on the Django Project web framework, they are also a protection against cross-site-scripting attacks.
Sessions is how long you are on a site. For example, many banks will log you out if you haven't done anything on their site for 30 minutes to prevent someone else walking up and accessing your banking. That is your "session."
For developers, django sessions are described here:
The default age of a cookie is 1 year. This can be changed in settings.py.
What are third party cookies?
Unfortunately it turns out that many social media companies and analytics trackers are placing cookies on your browser that may have long expiration times. Or they are used to track a visitor's activity across the web.
You can accidentally do this by simply adding a "Facebook" like button or Facebook Pixel, embedding a youtube video, using an ad tracker like doubleclick, or even just adding a twitter side bar.
Or maybe you turned it on for the purpose of measuring the site traffic and providing a better experience by running Google Analytics. That is completely reasonable, just mention it in your policies. If you conduct business in the EU then we recommend educating yourself about GDPR.
Are Cookies Bad or Good?
It just depends on how the developer sets them. You can read about Google cookies for example here:
Does Tendenci Track Between Sites or Use a Third Party Cookie?
NO! Tendenci does not do cross site tracking!
But it is 100% up to you to determine if any plugins or embedded code on your site does. And you control your data.
What is the Default Age of a Site Specific Cookie Created by a Django App like Tendenci?
The default age is 1 year for the CSRF session cookie. This can be changed in settings.py.
How Can I "See" the Cookies from a Site?
In Google Chrome, using the developer tools is the easiest way.
Can We Get One of Those Annoying Pop Up Boxes and Force Everyone to Click It?
Yes, it is billable time, but yes.
You may want to read up on GDPR and write a compliant policy as a first step. Depending on how you are using the data, and your settings, you may not need "Active Consent". And all of us are so tired of clicking those little pop-up boxes.