HTTP Cookies

Where to save information that the user has allowed the use of cookies?

The European data protection law GDPR has come into force. According to which, if a site uses cookies, then it seems like (more on this below) you need to get its permission to do so. In this connection, 2 questions:
1. Do I understand correctly that the permission to use cookies must be saved ALSO in cookies (permanently), so the user has the opportunity to revoke his permission by clearing cookies? If, yes, then it is not clear if he refused - in this case, do not save anything and ask him every time you enter the page? I saw options where there is an opportunity ONLY to agree and it turns out that if the site visitor does not agree, it (the agreement with the button) always hangs.
2. I didn’t delve into the wilds of the law at all, but as I understand it, cookies cannot be used without consent for marketing, subscriptions, analytics. Is this convention necessary for PHPSESSID for example?