If you talk to a stateless api there is no alternative than to save them to local storage. Although the posts Eduardo linked are correct, if you read through the comments you'll find that there is really no other ways for SPAs to keep someone logged in. Just make sure your access tokens are short-lived and that they can be revoked
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
If you talk to a stateless api there is no alternative than to save them to local storage. Although the posts Eduardo linked are correct, if you read through the comments you'll find that there is really no other ways for SPAs to keep someone logged in. Just make sure your access tokens are short-lived and that they can be revoked