Developer changelog

Subscribe to the changelog to stay up to date on recent changes to Shopify’s APIs and other developer products, as well as preview upcoming features and beta releases.

Get updates by RSS

Cookie policy update and new Cookies added

Shopify App Store

Action required

The Shopify cookies policy has been updated.

Breaking change

In addition to the policy update, we've added the following three required cookies to the Cookies Necessary for the Functioning of the Store cookie list:

  • identity-state
  • identity-state-<<token>>
  • identity_customer_account_number

These cookies are required to use the new customer account log-in, which some merchants have already enabled. Without them, customers won't be able to log into the store. All cookies management applications, including GDPR-related apps, must update their application as soon as possible and not block these cookies.

Please be noted:

  • The difference between - and _. The two identity state cookies names are:

identity-state and identity-state-<<token>>


identity_state and identity_state_<<token>>

  • The token in the real name of identity-state-<<token>> is a random string, like identity-state-fsdf25fxg34se69d. The name does not contain < or >. It means, your app should not block cookies whose name is similar to identity-state-fsdf25fxg34se69d . This also applies to checkout_session_token_<<token>>. Your app should not block cookies whose name is similar to checkout_session_token_fsdf25fxg34se69d .

We've also added two cookies to the Reporting and Analytics cookie list:

  • customer_auth_provider
  • customer_auth_session_created_at

These cookies are used to provide additional data for Shopify analytics.