Use Cookies as a Token carrier

[tenkus47]

Description

This document outlines the proposed changes to the application architecture to transmit tokens via cookies rather than sending them in the loader GET request. The motivation for this change is to enhance performance and follow suggested best practices.

Completion Criteria

• Token transmission method is changed from loader GET request to cookies.
• Application successfully retrieves and uses the token from the cookie.
• The new implementation is tested and verified to be faster and more secure.

Steps

• [x] Modify Server-Side Token Generation
• [x] Remove Token from Loader GET Request Action: Update the client-side code to remove the token from the loader GET request.
• [x] Retrieve Token from Cookie in Backend Loader Action: Update the backend loader endpoint to retrieve the token from the cookie instead of the query parameter.
• [x] Test the Implementation Action: Conduct thorough testing to ensure the token is correctly set in the cookie, and the application functions as expected.

[tenkus47]

i was going through some api docs and methods for securing API , found out that generally the token that are related to api are sent using cookies, which is more secure than normal get request data or storing the token in localstorage. because cookie are not accessible to Javascript directly and by default perform CORS restriction too.

[Karma-Tsering]

Working as expected

with user-prefs token

without user-prefs token

[ta4tsering]

@Karma-Tsering test https://kharagedition.com/product/tibetan-ai-bot if it works or not ?

[Karma-Tsering]

Kharagedition is still working