fenichelar/ember-simple-auth-token

Fastboot best practice

ChoffaH opened this issue · 1 comment

When I use this library with Fastboot the page first renders without any authentication, as expected when it's rendered on the server, then after a second restores the state.
My question is if it's safe to use the CookieStore for this plugin? I did read somewhere that the refresh token should not be stored in the cookie store.

Or is there some other better way to handle this?

@ChoffaH Depends on your specific security requirements. You would definitely want to implement CSRF tokens if you use the cookie store.
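
The CSRF token check recommended in the reply above, sketched for the API server as an added example; it is not part of the issue thread or of ember-simple-auth-token. The `x-csrf-token` header, the `sessionId` field (whatever stable identifier the server derives from the session cookie), `CSRF_KEY` and the sample requests are assumptions made for illustration.

```javascript
// Added example: signed CSRF token check for cookie-authenticated requests.
const crypto = require('node:crypto');

// Hypothetical server-side secret; load it from configuration in a real service.
const CSRF_KEY = crypto.randomBytes(32);
// Safe methods skip the check, which is only sound if they never change state.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

function sign(sessionId, nonce) {
  return crypto.createHmac('sha256', CSRF_KEY)
    .update(`${sessionId}.${nonce}`)
    .digest('hex');
}

// Issue a token bound to one session; the app echoes it in a request header.
function issueCsrfToken(sessionId) {
  const nonce = crypto.randomBytes(16).toString('hex');
  return `${nonce}.${sign(sessionId, nonce)}`;
}

// The cookie alone proves nothing, because the browser attaches it to
// cross-site requests as well. State-changing requests need a valid token too.
function isRequestAllowed(req) {
  if (SAFE_METHODS.has(req.method)) return true;
  const token = req.headers['x-csrf-token'];
  if (typeof token !== 'string') return false;
  const [nonce, mac, ...rest] = token.split('.');
  if (!nonce || !mac || rest.length) return false;
  const expected = Buffer.from(sign(req.sessionId, nonce));
  const given = Buffer.from(mac);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  return given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
}

// Constructed sample requests (not taken from the issue thread).
const token = issueCsrfToken('session-A');
const legit = { method: 'POST', sessionId: 'session-A', headers: { 'x-csrf-token': token } };
const crossSite = { method: 'POST', sessionId: 'session-A', headers: {} };
const otherSession = { method: 'POST', sessionId: 'session-B', headers: { 'x-csrf-token': token } };

console.log(isRequestAllowed(legit), isRequestAllowed(crossSite), isRequestAllowed(otherSession));
```
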