What are cookies?

Cookies are small pieces of data, stored in text files, that are stored on your computer or other device when websites are loaded in a browser.

They are widely used to ‘remember’ you and your preferences, either for a single visit through a ’session cookie’ or for multiple repeat visits using a ‘persistent cookie’. They ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in.

Cookies may be set by the site that you are visiting, known as ‘first-party cookies; or by third parties, such as those who serve content or provide advertising or analytics services on the website, known as ‘third-party cookies’.

Both websites and HTML emails may also contain other tracking technologies such as ‘web beacons’, or ‘pixels’. These are typically small transparent images that provide us with statistics for similar purposes as cookies. They are often used in conjunction with cookies, though they are not stored on your computer in the same way. If you disable cookies, the web beacons may still load, but their functionality will be restricted.

Cookies set by WooCommerce

Cookies are used by WooCommerce in a variety of ways.

Cookies depend on specific features that are enabled on a store. The cookies are active when a user interacts with one of these features or to allow admin functions to be performed from within the store’s dashboard (/wp-admin).

Details are provided in tables below, listing various cookies that are set for users of stores with the WooCommerce plugin installed.

Store front end:

COOKIE NAME DURATION PURPOSE
woocommerce_cart_hash session Helps WooCommerce determine when cart contents/data changes.
woocommerce_items_in_cart session Helps WooCommerce determine when cart contents/data changes.
wp_woocommerce_session_ 2 days Contains a unique code for each customer so that it knows where to find the cart data in the database for each customer.
woocommerce_recently_viewed session Powers the Recent Viewed Products widget.
store_notice[notice id] session Allows customers to dismiss the Store Notice.

No personal information is stored within these cookies.

Store dashboard (/wp-admin):

COOKIE NAME DURATION PURPOSE
woocommerce_snooze_suggestions__[suggestion] 2 days Allows dashboard users to dismiss Marketplace suggestions, if enabled.
woocommerce_dismissed_suggestions__[context] 1 month Count of suggestion dismissals, if enabled.
tk_ai session Stores a randomly-generated anonymous ID. This is only used within the dashboard (/wp-admin) area and is used for usage tracking, if enabled.

Cookies set by WordPress

Users are those people who have registered an account with the WordPress site.

On login, WordPress uses the wordpress_[hash] cookie to store your authentication details. Its use is limited to the Administration Screen area, /wp-admin/

After login, WordPress sets the wordpress_logged_in_[hash] cookie, which indicates when you’re logged in, and who you are, for most interface use.

WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the user’s database table. This is used to customize your view of the admin interface, and possibly also the main site interface.

Non-Version-Specific Data

The actual cookies contain hashed data, so you don’t have to worry about someone gleaning your username and password by reading the cookie data. A hash is the result of a specific mathematical formula applied to some input data (in this case your user name and password, respectively). It’s quite hard to reverse a hash (bordering on practical infeasibility with today’s computers). This means it is very difficult to take a hash and “unhash” it to find the original input data.

WordPress uses the two cookies to bypass the password entry portion of wp-login.php. If WordPress recognizes that you have valid, non-expired cookies, you go directly to the WordPress Administration Screen. If you don’t have the cookies, or they’re expired, or in some other way invalid (like you edited them manually for some reason), WordPress will require you to log in again, in order to obtain new cookies.