Cookie Handling and Guest-to-User Linking

Dave Hilditch

The plugin uses cookies to identify guest subscribers and automatically links their subscriptions when they later create a WordPress account.

The Subscriber Cookie

When a non-logged-in visitor subscribes through a form, the plugin sets a cookie:

PropertyValue
Namesse_subscriber_id
ValueRandom 32-character hex string (e.g. a1b2c3d4...)
Lifetime365 days (configurable in Settings > Advanced)
HttpOnlyYes (not accessible via JavaScript)
SecureYes on HTTPS sites
PathSite cookie path

This cookie is set only once — when the subscriber record is first created. If the subscriber already exists (e.g. they subscribed before), the existing cookie is reused.

What the Cookie Does

  1. Identifies returning visitors — when the same visitor comes back and interacts with another form, the plugin recognizes them by their cookie and uses the existing subscriber record instead of creating a duplicate
  2. Powers the subscription management page — guest visitors can manage their preferences without logging in, because the cookie links them to their subscriber data
  3. Controls popup frequency — the popup system checks for this cookie to avoid showing popups to existing subscribers (when “Hide from Subscribers” is enabled)

Guest-to-User Reconciliation

When a guest subscriber later creates a WordPress account, the plugin automatically links their existing subscriptions to the new user profile. This happens on two hooks:

On Registration (user_register)

When a new WordPress account is created, the plugin:

  1. Looks up the subscriber table for a record matching the new user’s email
  2. If found and not already linked to a user, sets the wp_user_id on the subscriber record

On Login (wp_login)

When a user logs in, the plugin:

  1. Checks if the sse_subscriber_id cookie exists
  2. If it does, looks up the subscriber by cookie ID
  3. If the subscriber’s email matches the logged-in user’s email, links the records
  4. Also checks by email alone (in case the cookie was cleared)

This means subscriptions carry over seamlessly regardless of whether the visitor registers immediately or months later.

Popup Dismiss Cookies

Separate from the subscriber cookie, the popup system sets dismissal cookies:

NameLifetimePurpose
sse_popup_{formId}_dismissedSession / 24h / 365 daysPrevents re-showing a dismissed popup

These are standard (non-HttpOnly) cookies set by JavaScript, with lifetime depending on the popup’s frequency setting.

Changing the Cookie Lifetime

Go to SSE Emails > Settings > Advanced to change the subscriber cookie lifetime (default: 365 days). This affects new cookies only — existing cookies retain their original expiry.

GDPR Considerations

The subscriber cookie is functional (not used for tracking or advertising) and is set only when the visitor actively submits a signup form. In most jurisdictions, functional cookies set in response to a user action do not require separate cookie consent.

However, if your site’s cookie policy requires consent for all cookies, you may need to ensure the form submission is considered valid consent. The popup dismiss cookies are similarly functional — they remember a user’s dismissal action.

Consider adding a brief privacy notice below your forms or linking to your privacy policy.

Leave a Reply

Your email address will not be published. Required fields are marked *

×
1/1