Hissingsid - 7:43 am on Apr 20, 2012 (gmt 0)
If cookie is set by JS then JS is OK since cookie will not be set if JS is switched off. The last time I looked at stats well under 5% of users have JS disabled. Otherwise we wouldn't be bothered about Google Analytics anyway.
If cookies are set by server side script then the server side scripting needs to take care of the consent issue. Same principal though, on consent, set a consent cookie. Each script then checks for consent cookie and only if present set other cookies.
There are other ways to maintain state in session based systems other than cookies. Encoded query strings, frames etc etc. I remember when scripters first started using cookies and there was much discussion about alternative strategies. Cookies ended up just being easier.