Login pt.2

[AsherSpurr]

• [x ] Store sensitive user info (token and email) in httpOnly cookies
• [x ] Once storage is secure create way to access new token when user logs in (may need to add header access to backend)

Note: apparently its 6 of 1 half dozen when choosing httpOnly vs local storage -> both leave you vulnerable to either XSS or CSRF attacks