--- title: Cookie policy update and new Cookies added - Shopify developer changelog description: >- Shopify’s developer changelog documents all changes to Shopify’s platform. Find the latest news and learn about new platform opportunities. source_url: html: 'https://shopify.dev/changelog/cookie-policy-update-and-new-cookies-added' md: 'https://shopify.dev/changelog/cookie-policy-update-and-new-cookies-added.md' metadata: effectiveApiVersion: '' affectedApi: [] primaryTag: displayName: Shopify App Store handle: shopify_app_store secondaryTag: displayName: Update handle: update indicatesActionRequired: true createdAt: '2022-10-11T12:58:53-04:00' postedAt: '2022-10-11T00:00:00-04:00' updatedAt: '2024-02-02T10:57:42-05:00' effectiveAt: '2022-10-11T00:00:00-04:00' --- October 11, 2022 Tags: * Action Required * Shopify App Store # Cookie policy update and new Cookies added The [Shopify cookies policy](https://www.shopify.com/ca/legal/cookies) has been updated. **Breaking change** In addition to the policy update, we've added the following [three required cookies](https://www.shopify.com/ca/legal/cookies?shpxid=c9bb1ac3-2295-44BD-F214-883DDC2EEB47#:~:text=identity%2Dstate-,Used%20in%20connection%20with%20customer%20authentication,-24h) to the **Cookies Necessary for the Functioning of the Store** cookie list: * `identity-state` * `identity-state-<>` * `identity_customer_account_number` These cookies are required to use the new customer account log-in, which some merchants have already enabled. Without them, customers won't be able to log into the store. All cookies management applications, including GDPR-related apps, must update their application as soon as possible and not block these cookies. **Please be noted:** * The difference between `-` and `_`. The two identity state cookies names are: `identity-state` and `identity-state-<>` NOT `identity_state` and `identity_state_<>` * The `token` in the real name of `identity-state-<>` is a random string, like `identity-state-fsdf25fxg34se69d`. The name does not contain `<` or `>`. It means, your app should not block cookies whose name is similar to `identity-state-fsdf25fxg34se69d` . This also applies to `checkout_session_token_<>`. Your app should not block cookies whose name is similar to `checkout_session_token_fsdf25fxg34se69d` . We've also added [two cookies](https://www.shopify.com/ca/legal/cookies#:~:text=session-,customer_auth_provider,session,-Shopify%E2%80%99s%20websites) to the **Reporting and Analytics** cookie list: * `customer_auth_provider` * `customer_auth_session_created_at` These cookies are used to provide additional data for Shopify analytics.