> ## Documentation Index > Fetch the complete documentation index at: https://docs.cevoid.com/llms.txt > Use this file to discover all available pages before exploring further. # Consent > Understand when the Cevoid Analytics SDK creates a session, when it does not, and how consent affects session IDs. Use this page when you need the exact rules for Cevoid session creation and `session_id` attachment. If you only want the operational setup steps, use [Session Tracking](./setup-session-tracking) instead. ## Short answer The SDK only attempts to create a Cevoid session when both of these are true: 1. `enableSessionTracking` is enabled 2. The consent checks resolve to granted If consent is denied, events can still be sent, but `session_id` is omitted. On a non-Shopify site with no GTM consent entry and no `window.cevoidTrackingConsent` value, the consent checks default to granted. ## Session cookie name The current Cevoid session cookie name is `ca_session`. `cevoid_sid` is the legacy cookie name. The SDK will migrate an existing legacy cookie into `ca_session` and clean up the old cookie when possible. If your storefront requires cookie disclosures before analytics storage is enabled, document `ca_session` in your cookie policy before you turn on session tracking in production. ## Consent sources When session tracking is enabled, the SDK checks up to three sources: If none of these sources are present on a non-Shopify site, the overall consent result defaults to granted. ### Shopify Customer Privacy API If Shopify is not present, this check defaults to granted. If Shopify is present, the SDK tries to load the `consent-tracking-api` feature and waits up to 5 seconds: * if the feature loads, it uses `window.Shopify.customerPrivacy.userCanBeTracked()` * if feature loading fails or times out, the Shopify check resolves to denied ### GTM `dataLayer` If `window.dataLayer` is missing or is not an array, this check defaults to granted. If a consent entry is present, the SDK reads `analytics_storage` from the first `['consent', ..., {...}]` style entry: * `analytics_storage === 'granted'` means granted * any other value means denied ### `window.cevoidTrackingConsent` If this global is missing, this check defaults to granted. If it is present: * `'granted'` means granted * any other value means denied ## What happens when consent is granted If consent resolves to granted, the SDK: * creates or refreshes `ca_session` * uses a 30-minute rolling expiry * attaches `session_id` to tracked events Cookie attributes: * Name: `ca_session` * Path: `/` * SameSite: `Lax` * Domain: only set when you pass `cookieDomain` ## What happens when consent is denied If consent resolves to denied: * the SDK clears the Cevoid session state * the SDK does not create `ca_session` * tracked events can still be sent * those events do not include `session_id` ## What happens when cookies cannot be written If consent is granted but the browser blocks cookie writes, the SDK falls back to an in-memory session for the current page runtime. That fallback: * does not persist across full page reloads * still allows a session value to be attached during the current runtime This fallback does **not** apply to denied consent. ## What happens while consent is resolving When `enableSessionTracking` is enabled, tracked events are deferred until consent resolution finishes. After consent resolves: * if granted, the SDK creates or refreshes the session and then sends the deferred events * if denied, the SDK sends the deferred events without `session_id` ## Practical examples ### Gallery on a non-Shopify site with no custom consent signals Result: * consent defaults to granted * `ca_session` is created if session tracking is enabled ### Shopify storefront where tracking is denied Result: * no `ca_session` is created * events can still be sent without `session_id` ### Site where cookies are blocked Result: * no persistent `ca_session` * in-memory session fallback for the current runtime only ## Related * [Session Tracking](./setup-session-tracking) * [Installation](../analytics-sdk/installation)