Do you need cookie consent for a login?

[whitedragon101]

I am building a wedding planning website for a client. The only time the system uses a cookie is to hold the session for a login where they are explicitly signing in. I assume the php session is held in a cookie, although not 100% on that.
The sign in is just to allow them to create a shortlist of venues they like. Do I still need to add a cookie consent box?

Thanks

 

[m00min]

Depends where you are, if you're in the EU I'd say add a little cookie consent popup. Maybe consider putting a link in your footer to a page detailing what the cookie is storing and why.

 

[theluggage]

The sign in is just to allow them to create a shortlist of venues they like. Do I still need to add a cookie consent box?

IANAL but I think for session cookies all you need is "transparency".

Put a clear message in the login dialog - or even just when they register for an account - saying that, by logging in, they agree to the cookie, that it is essential to the operation of the website but that this type of cookie can't be used to track them across other sites and disappears when they close the browser session. Otherwise, they'll have to tick the box every time they log in (or you'll have to get their consent to set a persistent cookie to remember that they've consented to the temporary one...)

However, frankly, for that type of service you/your client will probably need a fuller "terms & conditions" page including a privacy policy, and a box to tick to accept that when they create a login.