I'm making a side project building a web page levaring only on vanilla javascript. I pretent to have a login page and all the other pages require authentication. I already have a login page which obtains an authentication token upon a sucessfull login. However, I'm having problems in understanding/fiding what to do next. My questions are the following:
How to keep the token across multiple pages? Save it where temporaly? I saw some people arguing that saving tokens is bad becase they are prone to be stolen.
How to redirect the browser to the main page after the login with the token? From what I've seen, there are two ways to obtain a page: let the browser do it (e.g. by changing location) or use ajax. The first approach does not alloow to attach the token and the second obtains the html yet I'm unable to find a way to "update" the page accrodigy to that html. What I've been doing is document.write(new_html) but the DOM in the development window disapears after that and the windows.onload handler set whithin that html is not triggered. So, what is the correct way to use a token to implement a web site with authentication.