What does this PR do?
We can't make the cookie HttpOnly because we're setting it from JavaScript, but I'm not sure it's worth the trouble to redesign that: `JSON.parse(localStorage.account).token` gives you the token anyway; hiding the cookie from JS won't offer much protection.
At least we can mark it Secure (meaning, only send it over HTTPS) and delete it on logout (it wasn't!)
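The two changes described above, as an added example that is not this merge request's code: a script-set cookie carrying `Secure`, and a logout write that removes it. The cookie name `token`, the helper names and the in-memory jar (a simplified model of browser cookie storage) are assumptions made so the sketch runs outside a browser.

```javascript
// Added example; the cookie name and all helper names are hypothetical.
const AUTH_COOKIE = "token";

// String to assign to document.cookie after login. HttpOnly is absent on
// purpose: a cookie written from script with HttpOnly is ignored (RFC 6265 5.3).
function serializeAuthCookie(token, { path = "/", maxAgeSeconds = 3600 } = {}) {
  return [
    `${AUTH_COOKIE}=${encodeURIComponent(token)}`,
    `Path=${path}`,
    `Max-Age=${maxAgeSeconds}`,
    "Secure", // only sent over HTTPS
  ].join("; ");
}

// String to assign to document.cookie on logout. The Path must match the one
// used at login, otherwise nothing is deleted and the original cookie survives.
function serializeLogoutCookie({ path = "/" } = {}) {
  return `${AUTH_COOKIE}=; Path=${path}; Max-Age=0; Secure`;
}

// Simplified in-memory model of browser cookie storage, keyed by name and
// path, constructed so the example runs outside a browser. It expects the
// Path attribute to be present, as it is in both serializers above.
function applyToJar(jar, cookieString) {
  const [pair, ...attrs] = cookieString.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = pair.slice(0, eq);
  const attr = Object.fromEntries(
    attrs.map((a) => {
      const [k, v = true] = a.split("=");
      return [k.toLowerCase(), v];
    })
  );
  if (attr.httponly) return jar; // script-set HttpOnly cookies are rejected
  const key = `${name};${attr.path}`;
  if (Number(attr["max-age"]) <= 0) jar.delete(key);
  else jar.set(key, { value: pair.slice(eq + 1), secure: attr.secure === true });
  return jar;
}
```

In a browser the two strings are written with `document.cookie = serializeAuthCookie(token)` at login and `document.cookie = serializeLogoutCookie()` at logout.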