Supabase stores access_token in local storage

**Describe the bug**
The access_token is stored in the local storage and, therefore, open to XSS attacks.

**To Reproduce**
Steps to reproduce the behavior:
1. Setup project
2. Enable authentication
3. Sign up and in

**Expected behavior**
The access_token is stored in the cookies

**Screenshots**

![Image](https://github.com/user-attachments/assets/94e2a7c0-ce8f-4886-b10b-a4fd40de2302)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Supabase stores access_token in local storage #1198

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Supabase stores access_token in local storage #1198

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions