To start dropping cookies on your user's browser, you should receive consent to do so first. But it is important to note that the consent is not lasting forever, it should be updated regularly.

For example, as the eprivacy Directive states, websites should renew Cookie Consent at least once a year. However, other institutions say that Cookie Consent should only last for half of that time – six months. For example, the Irish Data Protection Commission and the French Data Protection Authority (CNIL) support this case for a shorter cookie consent duration.

As for other laws, the EU General Data Protection Regulation (GDPR) does not specify a time limit for how long cookie consent should last, but you should set renewal period guidelines yourself considering your respective DPA.