Consent Storage

ConsentForge stores the user's consent decision in the browser and optionally on the server.

Browser storage

By default, consent is stored in a first-party cookie named cf_consent. This cookie is:

Set on the domain of the property (e.g. .example.com)
Expires after 12 months (configurable in your property settings)
HttpOnly: false (the runtime JavaScript needs to read it)
Secure: true (HTTPS only)
SameSite: Lax

The cookie value is a base64-encoded JSON object:

{
  "v": 1,
  "ts": 1741521600,
  "policy": "pol_abc123",
  "choices": {
    "necessary": true,
    "analytics": false,
    "marketing": false,
    "functional": true
  }
}

Server-side storage (optional)

For higher durability and cross-device consistency, enable server-side consent storage in your property settings.

When enabled:

Each consent decision is also stored in the ConsentForge database
The runtime fetches stored consent on page load using a hashed user identifier
Server-side storage does not use cookies — it uses a privacy-preserving identifier

After 12 months (or if the cookie is deleted), the user is shown the banner again. Their previous choices are not pre-selected — they must make a fresh decision.

If server-side storage is enabled and a match is found, the previous choices can be restored without showing the banner (configurable).

To re-show the banner to all users (e.g. after a policy update), use Consent Resets in the Dashboard:

Go to Property → Consent → Reset
Set a reset date
Any consent stored before that date is treated as expired

Browser storage​

Cookie contents​

Server-side storage (optional)​

What happens when the cookie expires​

Clearing consent​

Browser storage

Cookie contents

Server-side storage (optional)

What happens when the cookie expires

Clearing consent