realm-js
[Feature Request] cookie-based storage of tokens
Goals
Securely store the tokens in the client so that they cannot be stolen by attackers
Expected Results
Storing tokens in httponly cookies is more secure because they cannot be escaped via XSS attacks. However, since the Web SDK is designed for multiple users, it is necessary to consider whether and how a cookie-based approach might work best.
Please take a look at this discussion as reference: https://github.com/realm/realm-js/issues/2964#issuecomment-792340691
@niklasgrewe Thank you for creating the issue. We will initiate a conversation with our IT security team to get a better understanding of what a solution should look like.
@niklasgrewe, Are you able to resolve the issue yourself? I am looking for a way to persist the user authentication session when the user refreshes the page or reopens the browser.
@saikksub user sessions should be persistent in local storage by default. If it's not, please create an issue with a reproduction 👍
@kraenhansen Thanks! I have realApp.allUsers showing a list of users. But the currentUser is always null. So how do I "re-activate" the session for the currentUser?
@kraenhansen The user state from local storage shows logged-out. So, I need to find a way to make the user session persistent.
