by croshan 1381 days ago
Your logon cookies should be set server-side, with the Secure and HttpOnly flags set, entirely inaccessible to JavaScript. So they'll last 6 months.

When I see cookies set by JavaScript, their primary purpose seems to be user tracking, not auth.
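
One way to check the property described in the comment above, as an added example that is not part of the thread: a small auditor that parses a `Set-Cookie` header and reports whether a login cookie lacks `Secure` or `HttpOnly`. The cookie name `session`, its values and the lifetimes are constructed sample data.

```javascript
// Added example: audit Set-Cookie headers for login cookies.
// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no name=value pair: nothing to audit
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    // Attribute names are case-insensitive; flags such as HttpOnly carry no value.
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return cookie;
}

// Lifetime in seconds: Max-Age wins over Expires; null means a session cookie.
function lifetimeSeconds(attrs, now) {
  if (attrs["max-age"] !== undefined) return Number(attrs["max-age"]);
  if (attrs.expires !== undefined) {
    return Math.round((Date.parse(attrs.expires) - now) / 1000);
  }
  return null;
}

// Report the flags a login cookie is missing and how long it will live.
function auditLoginCookie(header, now = Date.now()) {
  const c = parseSetCookie(header);
  if (c === null) return null;
  const findings = [];
  if (!c.attrs.httponly) findings.push("missing HttpOnly: readable via document.cookie");
  if (!c.attrs.secure) findings.push("missing Secure: also sent over plain HTTP");
  return { name: c.name, lifetime: lifetimeSeconds(c.attrs, now), findings };
}

// Constructed sample headers (182 days = 15724800 seconds, roughly six months).
const samples = [
  "session=abc123; Max-Age=15724800; Path=/; Secure; HttpOnly",
  "session=abc123; Path=/",
];
for (const header of samples) {
  console.log(header, "=>", JSON.stringify(auditLoginCookie(header)));
}
```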


Sometimes cookies are used as they were designed - to store data in the browser. For example, 5etools-mirror-1.github.io: an app without cloud storage or a user account system. It stores your shortcuts in YOUR cookies, not in the server's DB.
That would mean you are sending your shortcuts to the server on every request; localStorage would be much better in that case, to save bandwidth.
That's why we have localStorage.
Local storage is also cleared on the same schedule, or else it could be used as a substitute for cookies.