Switch refresh token storage from cookies to localStorage

2026-05-01 20:03:30 +02:00 · 2026-02-05 17:55:21 +02:00 · 2026-02-05 17:55:21 +02:00 · 233852b681
commit 233852b681
parent f3a9922eb9
7 changed files with 160 additions and 88 deletions
--- a/surfsense_backend/app/utils/auth_cookies.py
+++ b/surfsense_backend/app/utils/auth_cookies.py
@ -1,29 +0,0 @@
-"""Utilities for managing authentication cookies."""
-
-from fastapi import Response
-
-from app.config import config
-
-REFRESH_TOKEN_COOKIE_NAME = "refresh_token"
-
-
-def set_refresh_token_cookie(response: Response, token: str) -> None:
-    """Set the refresh token as an HTTP-only cookie."""
-    response.set_cookie(
-        key=REFRESH_TOKEN_COOKIE_NAME,
-        value=token,
-        max_age=config.REFRESH_TOKEN_LIFETIME_SECONDS,
-        httponly=True,
-        secure=True,  # Only send over HTTPS
-        samesite="lax",
-    )
-
-
-def delete_refresh_token_cookie(response: Response) -> None:
-    """Delete the refresh token cookie."""
-    response.delete_cookie(
-        key=REFRESH_TOKEN_COOKIE_NAME,
-        httponly=True,
-        secure=True,
-        samesite="lax",
-    )