Set Cookies on the Server:
Set cookies from your Express API in the backend rather than directly in the frontend. This approach helps keep sensitive data more secure and avoids potential issues with client-side manipulation. When a user logs in, you can create a session token (like a JWT or a session ID) and set it as an HTTP-only cookie. HTTP-only cookies are not accessible from JavaScript running in the browser, so they provide an additional layer of security.
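
One way to implement this, as an added example that is not code from the original page: Express-style handlers that issue an opaque session ID in an HTTP-only cookie at login, resolve it on later requests, and invalidate it on logout. The cookie name `sid`, the in-memory `sessions` map, the 30-minute lifetime and the demo account are assumptions made for illustration.

```javascript
const { randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

const SESSION_COOKIE = 'sid';           // hypothetical cookie name
const SESSION_TTL_MS = 30 * 60 * 1000;  // illustrative 30-minute lifetime
const sessions = new Map();             // demo store; use a shared store in production
const cookieOptions = {
  httpOnly: true,   // hidden from document.cookie and other script access
  secure: true,     // sent over HTTPS only
  sameSite: 'lax',  // not attached to cross-site subrequests
  path: '/',
  maxAge: SESSION_TTL_MS,
};
// Constructed user table: one demo account, fixed salt for brevity only.
const users = new Map([['demo', scryptSync('constructed-password', 'constructed-salt', 32)]]);
function verifyUser(username, password) {
  const stored = users.get(username);
  return Boolean(stored) &&
    timingSafeEqual(stored, scryptSync(String(password), 'constructed-salt', 32));
}

function login(req, res) {
  const { username, password } = req.body || {};
  if (!verifyUser(username, password)) return res.status(401).json({ error: 'invalid credentials' });
  const sid = randomBytes(32).toString('hex');  // opaque, unguessable session ID
  sessions.set(sid, { username, expires: Date.now() + SESSION_TTL_MS });
  res.cookie(SESSION_COOKIE, sid, cookieOptions);
  return res.json({ ok: true });  // the ID travels only in Set-Cookie, never in the body
}

function readSessionId(req) {
  const pair = (req.headers.cookie || '').split(';').map((s) => s.trim())
    .find((s) => s.startsWith(SESSION_COOKIE + '='));
  return pair ? pair.slice(SESSION_COOKIE.length + 1) : null;
}

function requireSession(req, res, next) {
  const session = sessions.get(readSessionId(req));
  if (!session || session.expires < Date.now()) return res.status(401).json({ error: 'not authenticated' });
  req.user = session.username;
  return next();
}

function logout(req, res) {
  sessions.delete(readSessionId(req));  // invalidate server-side, not just in the browser
  const { maxAge, ...clearOptions } = cookieOptions;  // clearCookie sets its own expiry
  res.clearCookie(SESSION_COOKIE, clearOptions);
  return res.json({ ok: true });
}
// Wiring (assumes an Express app): app.post('/login', express.json(), login); app.post('/logout', logout);
```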