I hope they asked permissions for storing those cookies. Otherwise they're violating various EU laws.
replies(6):
https://commission.europa.eu/resources-partners/europa-web-g...
In this case, this one might fit:
> User centric security cookies, used to detect authentication abuses and linked to the functionality explicitly requested by the user, for a limited persistent duration
> for a limited persistent duration
FTA:
> However, the VGUI browser had no issues saving cookies with expiry dates exceeding 10+ years!
So no, it doesn't even qualify.