TLDR; It seems that if I want to make an 100% GDRP-compliant website then I can not set a cookie at all. But the default system prevents that as it always sets a session for anonymous users.
So can we disable this, why is a session even necessary?
I understand that it has benefits for tracking, visit counts etc. and I may consider keeping it.
Yet a brief look at the GDRP notes on cookies says that technical necessary cookies are fine and need no opt-in, yet
a) Need information (cookie banners) but I may not want them at all.
b) in fact if you are strict, my website has no real technical necessity for them, nothing would work differently if there was no cookie.
So I do wonder are there already some built-in ways to just not set a cookie for non-authenticated users?
I checked the /backend and /session php files but there seems to be no such option.
E.g. ‘force_remember’ null or false still re-generates a cookie after deleting it.
*I still need to be up to date with the GDRP, yet I do want to have the option to have a non-cookie (banner) website. Especially as I have to read the docs and code to know for sure what is even stored in that session as I have no idea but law forces me to know it and provide that information. Hence I rather want to have none.
On the other hand if you have arguments why this session is necessary, please let me know.