The issue with using cookie store on the frontend in header based auth is that those cookies are not secure. So during page loads, those can be sent over the network even with http.
Therefore, i think we should use localstorage by default. And then only use cookie storage if user has set frontendCookieDomain
The issue with using cookie store on the frontend in header based auth is that those cookies are not secure. So during page loads, those can be sent over the network even with http.
Therefore, i think we should use localstorage by default. And then only use cookie storage if user has set frontendCookieDomain