# cookies don't kill people, bullets do

if you're making a new website and are thinking of using sessions cookies
please try to think of a way that doesn't automatically send them
assume that no cookie being sent by the user means "I don't want cookies"
and have a page with a "please, give me a session cookie" button.
so when they press that button, you send one.
and the rest of your site will see it, and can use its presence as a
"oh, they opted in to this"

cookies are alright. please don't ban all cookies or assume all cookies are evil.
this is what I would have liked to have happened after the GDPR
instead of the bullshit cookie banners that claim "nah, we /need/ to use this"
which just means "we don't know how to selectively enable session cookies in PHP"