Hi,
Storing a user’s session token in local storage is a common practice, but it should be done securely. It’s important to avoid exposing the token in your source code and consider using HTTP-only cookies for added security.
In terms of other services like Google Firebase, they also use similar mechanisms for token storage, often utilizing secure methods such as HTTP-only cookies to protect sensitive data. The key is to follow best practices and security guidelines to ensure the safety of session tokens and user authentication data.
Exactly, obtaining a token stored in local storage even with these precautions in place, is akin to unauthorized use of a laptop with an active user account. Security in this context relies on the responsibility of the user.