Working with cookies

A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to “remember” your actions or preferences over time.

Kentico provides an extensible framework, built around cookie levels, for manipulating cookies – from assigning specific levels of allowed cookies to users and contacts, to registering completely custom cookies and their corresponding cookie levels.

A site’s default cookie level determines which cookies the system stores in users’ browsers by default. To set the default cookie level:

  1. Open Settings application and select the System category.
  2. Under the Cookies heading, select a Default cookie level.
    • For an overview of individual cookie levels, see Cookie levels.
  3. Click Save.

The system now uses the selected cookie level when evaluating which cookies should be stored in users’ browsers. 

Kentico classifies cookies into several levels according to their purpose. The levels allow you to set cookie levels for users. The following are the default levels available in the cookie API (CMS.Helpers.CookieLevel class):

Cookie level


None (-1000)

Absolutely no cookies are allowed, including the cookie that stores the cookie level selected for users. This makes sense only if you want to disable absolutely every cookie by default.

System (-100)

This level allows the session cookie, and the CookieLevel cookie used to store the cookie level selected by the user. In terms of the end user and the Cookie law, this means “Cookies are not allowed”.

Essential (0)

Cookies required for all website functionality needed by site visitors. This includes authentication, language selection, votes in polls, etc. From the visitor’s perspective, this means “Allow only cookies that I may need, but do not track me”.

Editor (100)

Cookies required for correct administration interface functionality. For example used to track the selected view mode, remember tabs and sliders, etc.

Visitor (200)

All cookies that are not assigned to an explicit level are considered to be cookies identifying the visitor, i.e. user tracking cookies, which are not really needed, but are useful for the site owner if using EMS.

This level is used for all custom cookies by default. You can register custom cookies to adjust their assigned cookie level.

All (1000)

Allows all cookies, no matter what their level is. From the site visitor’s perspective this means “Allow all cookies now and in the future”.

The numbers associated with each cookie level are integer constants, which allows you to further customize the granularity of available cookie levels. The levels ‘None’ and ‘All’ are set to an absolute value of 1000 to provide enough space for future Kentico updates or developer-specified custom levels.

Automatic tracking of contacts and their activities only works for new visitors if the Default cookie level setting is set to ‘Visitor’ or ‘All’. For more information, see Working with consents.

For simplicity, there are 3 main levels, which represent the choices offered to visitors by the provided cookie web parts when asking for consent to use cookies:

Simplified cookie level

Corresponding API level


No cookies


Enables the minimum cookies required for the website to work, and remembers whether the user allows cookies or not.

Only essential cookies


Enables all cookies required for website functionality, but no tracking cookies.

All cookies


Enables all cookies used on the website.

Automatic cookie consent for administrators and editors

If a user signs in to the Kentico administration interface, cookies are automatically enabled to provide full editing functionality. The system assumes that working in the administration interface identifies a user as staff, so there is no need for cookie consent.

This section describes how to set cookie levels on MVC sites. For Portal Engine sites, see Adding cookie law consent to web pages.

In compliance with the cookie law, you can allow users to select their preferred cookie level. Use the SetCurrentCookieLevel method provided by the ICurrentCookieLevelProvider service.

The following code snippets demonstrate the usage of the ICurrentCookieLevelProvider API on a basic example. The code allows users to set their preferred cookie level via a simple form.


using System.Web.Mvc;
using System.Collections.Generic;

using CMS.Helpers;

public class CookieLevelController : Controller
    private readonly ICurrentCookieLevelProvider cookieLevelService;

    // Initializes instances of required services using dependency injection
    public CookieLevelController(ICurrentCookieLevelProvider cookieLevelService)
        this.cookieLevelService = cookieLevelService;

    public ActionResult Index()
        // Creates a list with the three default levels of cookie compliance relevant for site visitors.
        // The CookieLevel class is used to directly extract integer values corresponding to each cookie level
        // so that no additional mapping is necessary.
        var cookieLevels = new List<object>() {
                new { label = "Essential", value = CookieLevel.Essential },
                new { label = "Visitor", value = CookieLevel.Visitor },
                new { label = "All", value = CookieLevel.All }

        return View(new SelectList(cookieLevels, "value", "label"));

    // Sets the cookie level for the current user
    // The value passed into the action from the corresponding view directly corresponds to one of the system's 
    // cookie levels thanks to the CookieLevel class.
    public ActionResult SetCookieLevel(int SelectedValue)
        // Sets the cookie level for the current user to the level corresponding to the provided value

        return RedirectToAction(nameof(Index));

The corresponding view contains a drop-down selectors that allows users to select the desired level of cookies.


@model SelectList

@using (Html.BeginForm("SetCookieLevel", "CookieLevel", FormMethod.Post))
    @Html.DropDownListFor(x => x.SelectedValue, Model)
    <input type="submit" value="Select" />