Group

You’re viewing an example audit

Fortivibe reviews your app for the security, data, reliability, and deployment issues that can turn a promising prototype into a production headache.

Run an Audit on My App

Fix Prompt

Store the session token in an `HttpOnly`, `Secure`, `SameSite=Lax` cookie set by the server. Remove all `localStorage.setItem`/`getItem` calls for the token.

Psst: this prompt should but is not guaranteed to fix the issue. Each tool (and the models they use) are different and outside of our control.

What does this mean?

`localStorage` is readable by any JavaScript on the page. `HttpOnly` cookies are not.