5apps / stashboard

A remoteStorage account dashboard
https://5apps.com/storage
MIT License

If user logged in without "remember me" checked, use session storage for OAuth token #37

Closed raucao closed 4 years ago

raucao commented 4 years ago

Currently, as a user logging into the site, you would expect to not stay logged in after closing the session, unless you check the "remember me" box (which, btw, we should probably explain better in a hover title or sth).

However, now that the OAuth token for the storage front-end is stored on the client side, this behavior is not the case anymore. I'd propose to switch to sessionStorage instead of localStorage, in case the remember me box hasn't been checked. This info could be given to the front-end as a state param in the OAuth redirect.

galfert commented 4 years ago

Good catch. The solution idea sounds good to me.
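The proposal above, sketched as an added example (not stashboard's own code): the front-end reads the token and the `state` value from the OAuth redirect fragment and only uses persistent storage when "remember me" was explicitly signalled. The key name `TOKEN_KEY`, the `remember=1` encoding inside `state`, and the helper names are assumptions made for illustration.

```javascript
// Hypothetical storage key; the real app's key name is not shown on this page.
const TOKEN_KEY = "oauth:access_token";

// Minimal Storage stand-in so the example also runs outside a browser.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}

// Parse a redirect fragment such as "#access_token=...&state=remember%3D1".
// Assumption: the server encodes the flag in `state` as a small query string.
function parseRedirectFragment(fragment) {
  const params = new URLSearchParams(fragment.replace(/^#/, ""));
  return {
    accessToken: params.get("access_token"),
    state: new URLSearchParams(params.get("state") || ""),
  };
}

// Store the token; returns "session", "persistent", or null if no token.
function storeToken(fragment, { session, persistent }) {
  const { accessToken, state } = parseRedirectFragment(fragment);
  if (!accessToken) return null;
  // Fail closed: a missing or unrecognized flag means session-only storage.
  const remember = state.get("remember") === "1";
  const target = remember ? persistent : session;
  const other = remember ? session : persistent;
  // Remove any token left from an earlier login so that a "don't remember"
  // login cannot be outlived by a stale persistent copy.
  other.removeItem(TOKEN_KEY);
  target.setItem(TOKEN_KEY, accessToken);
  return remember ? "persistent" : "session";
}

// Read the token back, preferring the session-scoped copy.
function loadToken({ session, persistent }) {
  return session.getItem(TOKEN_KEY) ?? persistent.getItem(TOKEN_KEY);
}

// In a browser:
//   storeToken(location.hash, { session: sessionStorage, persistent: localStorage });
```

Clearing the other store on every login matters as much as choosing the right one: without it, a token saved during an earlier "remember me" login would survive in localStorage after a later session-only login.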