We have a fairly typical SPA + rest API application where we use Auth0 for authentication. Originally we had been storing the accessToken in Local Storage. We have come to learn of the security concerns with doing that and are working to resolve. However, it’s not clear exactly what the solution would be.
So, then is a normal cookie any more secure than local storage?