Proper way to handle browsers that block third party cookies (like Safari)

According to previous forum posts and the docs, the right way to deal with browsers that block third party cookies, like Safari, is to use refresh tokens and set cacheLocation to ‘localstorage’. After doing this, I noticed that simply setting cacheLocation to ‘localstorage’ also resolves the issue.

So my question is, why is the recommendation always to use refresh tokens (which by themselves don’t resolve the issue) and not just to use local storage as the cache location?

Would it be better to use local storage to store the token AND use refresh tokens, or to just use cache location local storage and not refresh tokens?


Hi @napter

The question is what happens when an access token expires. If you don’t use refresh tokens, then you are relying on sessions – and cookies. So you do need refresh tokens.


1 Like
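
The answer's point, as an added example that is not part of the original posts and is not the SDK's own code: a simplified model of how a SPA client resolves a token request, run for each combination of `cacheLocation` and refresh tokens in a browser that blocks third-party cookies. It assumes that, without a refresh token, the only fallback is silent re-authentication in a hidden iframe that depends on the authorization server's session cookie; `makeClient`, `scenario` and all token values and times are hypothetical.

```javascript
// Simplified model of a SPA auth client's token lookup (an assumption for
// illustration, not the SDK's source). Tokens and times are constructed.
function makeClient({ cacheLocation, useRefreshTokens }, browser) {
  let store = null; // the cached token set, if any
  const issue = (now) => ({
    expiresAt: now + 3600,
    refreshToken: useRefreshTokens ? 'rt-constructed' : null,
  });
  return {
    login(now) { store = issue(now); },
    // An in-memory cache is lost on page reload; localstorage survives it.
    reload() { if (cacheLocation !== 'localstorage') store = null; },
    getToken(now) {
      if (store && store.expiresAt > now) return 'cache';
      if (store && store.refreshToken) {
        // Refresh grant: a direct call to the token endpoint, no cookie involved.
        store = issue(now);
        return 'refresh_token';
      }
      // No usable token left: silent re-authentication in a hidden iframe,
      // which needs the authorization server's session cookie. Assumed to be
      // a third-party cookie here (app and login on different sites).
      if (browser.blocksThirdPartyCookies) return 'login_required';
      store = issue(now);
      return 'iframe';
    },
  };
}

// Log in at t=0, reload the page, then ask for a token before (t=10)
// and after (t=4000) the access token expires.
function scenario(options, browser) {
  const client = makeClient(options, browser);
  client.login(0);
  client.reload();
  return [client.getToken(10), client.getToken(4000)];
}

const safari = { blocksThirdPartyCookies: true };
for (const options of [
  { cacheLocation: 'memory', useRefreshTokens: false },
  { cacheLocation: 'localstorage', useRefreshTokens: false },
  { cacheLocation: 'memory', useRefreshTokens: true },
  { cacheLocation: 'localstorage', useRefreshTokens: true },
]) {
  console.log(JSON.stringify(options), scenario(options, safari).join(' -> '));
}
```

In this model, `localstorage` alone keeps working only until the cached access token expires, and refresh tokens alone do not survive a reload, which is why the two settings are recommended together.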