So I have a website that is using Matomo Cloud and I would like to disable all cookies. So what I did was disabling all tracking cookies for this specific site in the Matomo JS code, as suggested here:
[...]
// Call disableCookies before calling trackPageView
_paq.push(['disableCookies']);
_paq.push(['trackPageView']);
[...]
But however, the session cookie (MATOMO_SESSID) still persists.
Now my question is, is it possible at all to remove this session cookie using Matomo cloud?
It boils down to this:
Whenever someone opens the Matomo application (which the opt-out iFrame is a part of) this MATOMO_SESSID is set. It is not used for tracking in any way and should not have any privacy implications.
Not setting it in the opt-out iFrame is unfortunately not really possible as then one could exploit a CSRF vulnerability and opt-out (or opt-in) someone else without them noticing.