How the server and client store a persistent state

[voyageh]

The loader request API, how to carry a token, how the client request API carries a token, and how the server and client store a persistent state

[sergiodxa]

You need to use cookies or session cookies to keep data, like tokens, between requests. The browser will store the cookie or session cookie and send it on every request to your server automatically.

Ideally, you want your cookie to be configured as httpOnly so client-side JS can't read it, add a secret, enable secure as true in production to require HTTPS, and set sameSite as lax which will help mitigate CSRF attacks.