Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.cevoid.com/llms.txt

Use this file to discover all available pages before exploring further.

Use this page when you want to understand exactly when the SDK creates the cevoid_sid cookie and when it does not.

Short answer

The SDK only attempts to create a cevoid_sid cookie when both of these are true:
  1. You enabled enableSessionTracking
  2. The consent checks resolve to granted
If session tracking is off, no Cevoid session cookie is created. If consent is denied, the SDK still sends events, but without a Cevoid session ID.
When enableSessionTracking: true, the SDK runs a consent check during init(). The final decision is:
  • Grant consent only if all available consent checks pass
  • Deny consent if one of the checks explicitly fails
  • Fall back to granted only if the consent check throws unexpectedly
The SDK checks up to three sources:

Shopify Customer Privacy API

If window.Shopify.loadFeatures is not present, this check defaults to granted. If Shopify is present, the SDK tries to load the consent-tracking-api feature and waits up to 5 seconds:
  • If the feature loads successfully, the SDK checks window.Shopify.customerPrivacy.userCanBeTracked()
  • If feature loading fails or times out, this Shopify check resolves to denied
This means Shopify storefronts are stricter than non-Shopify storefronts.

GTM dataLayer

If window.dataLayer is missing or is not an array, this check defaults to granted. If a consent entry is present, the SDK looks for the first array entry whose first item is consent, then reads analytics_storage from the third item:
  • analytics_storage === 'granted' means granted
  • Any other value means denied
If no usable consent entry is found, this check defaults to granted.

window.cevoidTrackingConsent

If window.cevoidTrackingConsent is missing, this check defaults to granted. If it is present:
  • 'granted' means granted
  • Any other value means denied
If consent resolves to granted, the SDK immediately calls its session initializer during init(). That initializer:
  • Reuses the existing cevoid_sid cookie if one already exists
  • Refreshes the cookie to a new 30-minute rolling expiry
  • Creates a new session ID if no session exists yet
Cookie attributes:
  • Name: cevoid_sid
  • Lifetime: 30 minutes, rolling
  • Path: /
  • SameSite: Lax
  • Domain: set only when you pass cookieDomain
If an older ca_session cookie exists, the SDK deletes it during initialization before continuing.
The SDK does not create a cookie in these cases:
  • enableSessionTracking is not enabled
  • Consent resolves to denied
  • The browser blocks cookie writes
In the first two cases, events still flow, but session_id is omitted. In the third case, the SDK falls back to an in-memory session ID for the current page runtime.
The in-memory fallback is not persisted across full page reloads, so it behaves like a temporary session for the current runtime only.
When session tracking is enabled, the SDK defers tracked events until consent is resolved. After consent resolves:
  • If granted, the SDK creates or refreshes the session and then processes deferred events
  • If denied, the SDK processes deferred events without a session_id
This means consent affects whether events get a session attached, not whether the events are sent at all.

Practical examples

Result:
  • Shopify check defaults to granted
  • GTM check defaults to granted
  • Cevoid check defaults to granted
  • Cookie is created if session tracking is enabled
Result:
  • Shopify check grants consent
  • Other checks must also grant or default to granted
  • Cookie is created
Result:
  • Shopify check denies consent
  • Cookie is not created
  • Events can still be sent without a session_id
Result:
  • GTM check denies consent
  • Cookie is not created

Site with window.cevoidTrackingConsent = 'denied'

Result:
  • Cevoid consent check denies consent
  • Cookie is not created