Skip to content

Supabase stores access_token in local storage #1198

Open
@skiunke

Description

@skiunke

Describe the bug
The access_token is stored in the local storage and, therefore, open to XSS attacks.

To Reproduce
Steps to reproduce the behavior:

  1. Setup project
  2. Enable authentication
  3. Sign up and in

Expected behavior
The access_token is stored in the cookies

Screenshots

Image

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions