I’m asking this question, because there are no articles about storing tokens in browser.
Ok, we have cache, local/session storage, cookies. Cookies look like more secure storage with possibility to mark our tokens as secure, httpOnly, sameSite.
We have same storage for access and refresh token.
Is it normal or not to store both tokens in cookies with all flags?
(I didn’t find anything bad, but looks like I miss some cases)