They're okay. Login cookies are fine for instance, so are temporary shopping cart cookies, etc. Everything that you use to deliver functionality that the user explicitly requested is generally fine.

IANAL.

The rules are somewhat imprecise, but basically any functional cookies do not need to have consent as it is implied by the user using the service. This includes thinks like the user-identifier to know who is logged in for example.

That's good to know. I thought "any cookies" meant "need banner"