As per GDPR, the user does not need to give consent for your application to use session cookies. This is because they fall under essential cookies and not tracking cookies:
"While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user."
Information about our session cookies 🍪
sAccessToken: This is the session's access token which is used in each API call to verify that the user was authenticated and to get their user ID.
sRefreshToken: This is the session's refresh token which is used to get a new access (and refresh token) when the existing access token expires.
sIdRefreshToken: Used to detect if a session is alive.