You’re viewing an example audit
Fortivibe reviews your app for the security, data, reliability, and deployment issues that can turn a promising prototype into a production headache.
Run an Audit on My AppFix Prompt
Store the session token in an `HttpOnly`, `Secure`, `SameSite=Lax` cookie set by the server. Remove all `localStorage.setItem`/`getItem` calls for the token.
Psst: this prompt should but is not guaranteed to fix the issue. Each tool (and the models they use) are different and outside of our control.
What does this mean?
`localStorage` is readable by any JavaScript on the page. `HttpOnly` cookies are not.