cookies – Does storing session id for remembering session requires user consent under GDPR?

My application provides public landing pages to visitors. Whenever the user visits the page or refreshes the page, we record analytics containing the IP address and browser information and generates a unique session ID.

The session ID is then stored in the local storage.

The landing page contains a lead form or RSVP form to be submitted by the visitor. We use the session ID stored in the storage to link the form submission with the session created.

  • Does this requires Cookies content to be displayed to the user?
  • Without the session-id, the user won’t be able to perform any activity on the page like lead submit or RSVP submit. Will it be the best practice to enforce the user to allow the cookies before the actual data is displayed and if declined, do not serve the data?
  • What if we do not use cookies or localStorage and store the session ID in a variable of SPA and use it to carry on lead submission or RSVP, will it still require user consent as per the GDPR?