**Describe the bug** The access_token is stored in the local storage and, therefore, open to XSS attacks. **To Reproduce** Steps to reproduce the behavior: 1. Setup project 2. Enable authentication 3. Sign up and in **Expected behavior** The access_token is stored in the cookies **Screenshots** 