Recently I have been working on a WeChat project with multiple pages. I have some questions about user login:
1. Is persistent user login (30 days) a front-end implementation or a back-end implementation?
The front end can store the account number and encrypted password in a cookie to achieve this requirement. Is this a security issue?
After thinking about it, it seems that it can be achieved without saving the password.
2. Can the user information returned after a successful login be stored locally using localStorage? User information needs to be filled in automatically when submitting some orders on subsequent pages, so will there be any security issues?
I've always been confused about this. Please tell me how everyone usually achieves it. Thank you.
What is saved is something similar to a token. Passwords must not be saved, regardless of whether they are encrypted or not.
Both the front and back ends need to be implemented, and the back end also needs to ensure that the token expires and cannot be used again after 30 days.
It is best to obtain key information from the backend when needed.
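The approach described in the answer above, as an added example that is not part of the original thread: the backend issues a random token after login, stores only its hash with a 30-day expiry, and rejects the token once that time has passed. The names `SessionStore`, `session_cookie` and the cookie name `session` are hypothetical, and the in-memory dict stands in for a real database table.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 30 * 24 * 60 * 60  # the 30-day lifetime from the question


class SessionStore:
    """In-memory stand-in for a server-side session table (hypothetical name)."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be exercised in tests
        self._sessions = {}   # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only the hash is kept, so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Call after the password check succeeds; returns the cookie value."""
        token = secrets.token_urlsafe(32)  # random, carries no account data
        expires_at = self._clock() + TOKEN_TTL_SECONDS
        self._sessions[self._digest(token)] = (user_id, expires_at)
        return token

    def validate(self, token):
        """Return the user id for a live token, else None."""
        if not isinstance(token, str):
            return None
        key = self._digest(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._clock() >= expires_at:
            del self._sessions[key]  # expired: unusable from now on
            return None
        return user_id

    def revoke(self, token):
        """Logout: drop the session before its 30 days are up."""
        self._sessions.pop(self._digest(token), None)


def session_cookie(token):
    # HttpOnly keeps the token away from page scripts; Secure limits it to HTTPS.
    return (f"session={token}; Max-Age={TOKEN_TTL_SECONDS}; "
            "Path=/; HttpOnly; Secure; SameSite=Lax")
```

The cookie's `Max-Age` is only a hint to the browser; the expiry check in `validate` is what actually enforces the 30-day limit.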