Hi @this-andy! When a user authenticates with Auth0, the authorization server stores an auth0 cookie in order to keep track of the user’s Auth0 session. Why does checkSession need cookies? - #2 by ricardo.batista provides an explanation of this.
Additional cookies may be stored with session details for your specific application if you implement a flow that uses cookies, such as authorization code flow. (You care in control of this, however, Auth0 does not do the application-level cookie creation.)