How the Option "Set Cookies" Works

This article describes in detail how the option works in the Anti-Spam Plugin by CleanTalk for WordPress:

https://wordpress.org/plugins/cleantalk-spam-protect/#description

WordPress Admin Page —> Settings —> Anti-Spam by CleanTalk —> Advanced settings —> category "Data Processing" —> Set cookies

Option "Set cookies"
It determines what methods of using the HTTP cookies the anti-spam plugin for WordPress should switch to. It is necessary for the plugin to work properly. All CleanTalk cookies contain technical data. Data of the current website visitor is encrypted with the MD5 algorithm and being deleted when the browser session ends.

Position "On"
The cookies will be used in a standard way in the visitors' browsers. If the plugin Varnish or any other cache plugin is active on the website, then it might affect the CleanTalk plugin. The CleanTalk Anti-Spam Service identifies automatically if Varnish (or any other popular cache plugin) is active and disables the usage of cookies on website pages. However, we strongly recommend switching the option to "Use alternative mechanism for cookies".

Position "Off"
The "Off" option uses local storage instead of cookies. Caching plugins have no negative effect. We recommend using this option.

Position "Use alternative mechanism for cookies"
Using this position may help in solving the problems with standard browser cookies. In this case, all technical data is not being kept in the browser cookies but in the website database and then being deleted. 

There are two ways of using this option. The mechanism of the alternative cookies is being selected automatically and depends on the website configuration.

Firstly, the CleanTalk AJAX handler is being activated and the plugin tests how it works. It uses AJAX requests to record data in the website database.

Secondly, if the first way fails, the WordPress REST API is being activated. It uses the WordPress REST API to record data in the database. The WordPress REST API might not work if it is disabled in your WordPress configuration by a plugin and the file "functions.php" was modified on purpose.

Thirdly, if the second way fails too, the standard mechanism of WordPress AJAX will be activated ("admin-ajax.php"). 

The most optimal mechanism for the alternative cookies is using the CleanTalk AJAX handler. If it wasn't activated by default and you still want to activate it then most likely there not enough Read-Write rights for the file "wp-content/plugins/cleantalk-spam-protect/lib/Cleantalk/ApbctWP/Ajax.php". Please, check the rights of the file and set them to rw- r-- r--.

With high-traffic websites, the alternative mechanism for cookies might add extra load on the website, so it is better to use the default position for the option "Set cookies" (Position "On").

Position "Auto"
The plugin uses the same cookies settings as for position "On" if there are no known cache solutions found. Otherwise, cookies will be set to "Off".