forked from kadirahq/fast-render
Open
Description
An interesting idea came up in the forums. A security firm flagged Meteor's use of localStorage for the auth token as problematic (I'm not an expert on this, so I have no comment).
A few other comments on the thread made two main suggestions: set some security flags (httpOnly and secure flags), and monkey patch Accounts._storeLoginToken() and Accounts._unstoreLoginToken() to manage the cookie, instead of managing the token in localStorage. The result would be a securely stored cookie, and no duplicated effort in localStorage.
I thought this could be low-hanging-ish fruit for this package since it already manages an auth cookie, so I thought I'd mention it.
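The following is an added example, not code from fast-render, Meteor, or the issue author. It shows the server side of what the thread suggests: the login token issued as a cookie carrying the `HttpOnly` and `Secure` flags, read back from the request's `Cookie` header, and a check that a `Set-Cookie` header actually carries those flags. It is server-side on purpose: a browser does not let page script set an `HttpOnly` cookie through `document.cookie`, so a client-side override of `Accounts._storeLoginToken()` alone cannot produce one; the flags have to come from an HTTP response. The cookie name, the helper names, the token format check and the `SameSite=Lax` attribute are assumptions made for this example and are not taken from the page.

```javascript
// Added example (not fast-render's or Meteor's own code). Helper names and the
// cookie name are hypothetical; the token format check is an assumption.
const COOKIE_NAME = "meteor_login_token"; // constructed name for this example

// Build the Set-Cookie header a server would send after a successful login.
// HttpOnly keeps document.cookie (and therefore any injected script) from
// reading the token, which is the property localStorage cannot give you;
// Secure keeps the browser from sending it over plain HTTP.
function buildLoginTokenCookie(token, maxAgeSeconds) {
  // Assumption for this example: tokens are URL-safe base64, so no quoting needed.
  if (typeof token !== "string" || !/^[A-Za-z0-9_-]+$/.test(token)) {
    throw new Error("login token must be a non-empty URL-safe base64 string");
  }
  if (!Number.isInteger(maxAgeSeconds) || maxAgeSeconds <= 0) {
    throw new Error("maxAgeSeconds must be a positive integer");
  }
  return [
    `${COOKIE_NAME}=${token}`,
    "Path=/",
    `Max-Age=${maxAgeSeconds}`,
    "HttpOnly",
    "Secure",
    "SameSite=Lax", // not in the original issue; limits cross-site sending of the cookie
  ].join("; ");
}

// Logout counterpart (what an _unstoreLoginToken-style hook would need the server
// to send): same name, path and flags, but already expired, so the browser drops it.
function buildLoginTokenClearCookie() {
  return `${COOKIE_NAME}=; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax`;
}

// Parse a request's Cookie header ("a=1; b=2") into a plain object.
function parseCookieHeader(header) {
  const out = {};
  if (!header) return out;
  for (const part of header.split(";")) {
    const idx = part.indexOf("=");
    if (idx === -1) continue;
    const name = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (name) out[name] = value;
  }
  return out;
}

// The token the server would use for its first render, or null if absent.
function loginTokenFromRequest(cookieHeader) {
  const token = parseCookieHeader(cookieHeader)[COOKIE_NAME];
  return token === undefined || token === "" ? null : token;
}

// Audit a Set-Cookie header: returns the flags that are missing (empty when ok).
// Attribute names are case-insensitive, so compare in lower case.
function auditLoginTokenCookie(setCookieHeader) {
  const attrs = setCookieHeader
    .split(";")
    .slice(1) // skip the name=value pair
    .map((a) => a.trim().toLowerCase());
  const missing = [];
  if (!attrs.includes("httponly")) missing.push("HttpOnly");
  if (!attrs.includes("secure")) missing.push("Secure");
  return missing;
}
```

Usage: on login, send `buildLoginTokenCookie(token, 90 * 24 * 3600)` as a `Set-Cookie` header and, on logout, `buildLoginTokenClearCookie()`; on each request, `loginTokenFromRequest(req.headers.cookie)` yields the token for server-side work. `auditLoginTokenCookie` is the check to run against whatever header your app actually emits, since a cookie written from the client (as fast-render does today) will report both flags missing.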