I am not aware of any distinction in the legislation between session cookies and persistent cookies

My knowledge of the legislation is only partial. It is our intention to comply with it, but more important to us are the Google data layer requirements as we rely on remarketing code. Google seem to require a popup distinct from a banner and don't seem to like persistent cookies. We did some tests a while back but they perhaps weren't totally thorough as we made some assumptions.

The way we implement cookies is to present a small popup right at the bottom of the screen if the user doesn't have our cookieConsent cookie set. If they click no, we set that cookie to false or if they click yes, we set it to true and make it persistent for one year. From this we determine how we set other cookies - mostly to either make them persistent or not. Not that we use a lot of cookies - one for a banner popup and two for login purposes.