Cookie Handling and Guest-to-User Linking
The plugin uses cookies to identify guest subscribers and automatically links their subscriptions when they later create a WordPress account.
Table of Contents
When a non-logged-in visitor subscribes through a form, the plugin sets a cookie:
| Property | Value |
|---|---|
| Name | sse_subscriber_id |
| Value | Random 32-character hex string (e.g. a1b2c3d4...) |
| Lifetime | 365 days (configurable in Settings > Advanced) |
| HttpOnly | Yes (not accessible via JavaScript) |
| Secure | Yes on HTTPS sites |
| Path | Site cookie path |
This cookie is set only once — when the subscriber record is first created. If the subscriber already exists (e.g. they subscribed before), the existing cookie is reused.
- Identifies returning visitors — when the same visitor comes back and interacts with another form, the plugin recognizes them by their cookie and uses the existing subscriber record instead of creating a duplicate
- Powers the subscription management page — guest visitors can manage their preferences without logging in, because the cookie links them to their subscriber data
- Controls popup frequency — the popup system checks for this cookie to avoid showing popups to existing subscribers (when “Hide from Subscribers” is enabled)
Guest-to-User Reconciliation
When a guest subscriber later creates a WordPress account, the plugin automatically links their existing subscriptions to the new user profile. This happens on two hooks:
On Registration (user_register)
When a new WordPress account is created, the plugin:
- Looks up the subscriber table for a record matching the new user’s email
- If found and not already linked to a user, sets the
wp_user_idon the subscriber record
On Login (wp_login)
When a user logs in, the plugin:
- Checks if the
sse_subscriber_idcookie exists - If it does, looks up the subscriber by cookie ID
- If the subscriber’s email matches the logged-in user’s email, links the records
- Also checks by email alone (in case the cookie was cleared)
This means subscriptions carry over seamlessly regardless of whether the visitor registers immediately or months later.
Separate from the subscriber cookie, the popup system sets dismissal cookies:
| Name | Lifetime | Purpose |
|---|---|---|
sse_popup_{formId}_dismissed | Session / 24h / 365 days | Prevents re-showing a dismissed popup |
These are standard (non-HttpOnly) cookies set by JavaScript, with lifetime depending on the popup’s frequency setting.
Go to SSE Emails > Settings > Advanced to change the subscriber cookie lifetime (default: 365 days). This affects new cookies only — existing cookies retain their original expiry.
GDPR Considerations
The subscriber cookie is functional (not used for tracking or advertising) and is set only when the visitor actively submits a signup form. In most jurisdictions, functional cookies set in response to a user action do not require separate cookie consent.
However, if your site’s cookie policy requires consent for all cookies, you may need to ensure the form submission is considered valid consent. The popup dismiss cookies are similarly functional — they remember a user’s dismissal action.
Consider adding a brief privacy notice below your forms or linking to your privacy policy.