As per GDPR, the user does not need to give consent for your application to use session cookies. This is because they fall under essential cookies and not tracking cookies:
"While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user."
Information about our session cookies 🍪
sAccessToken: This is the session's access token which is used in each API call to verify that the user was authenticated and to get their user ID.
sRefreshToken: This is the session's refresh token which is used to get a new access (and refresh token) when the existing access token expires.
sIdRefreshToken: Used to detect if a session is alive on the frontend.
front-token: Used to access a session's JWT payload and user ID on the frontend without exposing the
anti-csrf: Used to prevent CSRF attacks.