Why isn't my session state working in ASP.NET Core? Session state, GDPR, and non-essential cookies

In this post I describe a problem that I've been asked about several times related to session state. The scenario goes something like this: Scaffold a new ASP.NET Core application Set a string in session state for a user, e.g. HttpContext.Session.SetString("theme", "Dark"); On the next request, try to load the value from session using HttpContext.Session.GetString("theme"); but get back null! "Gah, this stupid framework doesn't work"