Cookie policy update and new Cookies added

Shopify App Store

The Shopify cookies policy has been updated.

Breaking change

In addition to the policy update, we've added the following three required cookies to the Cookies Necessary for the Functioning of the Store cookie list:

• identity-state
• identity-state-<<token>>
• identity_customer_account_number

These cookies are required to use the new customer account log-in, which some merchants have already enabled. Without them, customers won't be able to log into the store. All cookies management applications, including GDPR-related apps, must update their application as soon as possible and not block these cookies.

Please be noted:

• The difference between - and _. The two identity state cookies names are:

identity-state and identity-state-<<token>>

NOT

identity_state and identity_state_<<token>>

• The token in the real name of identity-state-<<token>> is a random string, like identity-state-fsdf25fxg34se69d. The name does not contain < or >. It means, your app should not block cookies whose name is similar to identity-state-fsdf25fxg34se69d . This also applies to checkout_session_token_<<token>>. Your app should not block cookies whose name is similar to checkout_session_token_fsdf25fxg34se69d .

We've also added two cookies to the Reporting and Analytics cookie list:

• customer_auth_provider
• customer_auth_session_created_at

These cookies are used to provide additional data for Shopify analytics.