Perhaps this should be made clear within the documentation. It’s kind of difficult to write up a privacy policy under GDPR, without knowing which cookies you need to declare. I’ve just seen this post and this reply, by @John. This seems to explain that it falls under the ‘Strictly necessary’ cookie exemption. But it still doesn’t answer the question as to whether it is a session cookie or a persistent cookie. Granted, I know it’s persistent because if I close my browser and come back to Ghost I am still logged in. But some clarity would be nice. I didn’t realise there were different session cookie types.