While reading the new Webkit Intelligent Tracking Prevention (ITP) announcement here I tought this might impact Meteors’ usage of local storage as a login token store. Could this be the case?
I don’t know if you can use Secure and HttpOnly cookies to authenticate the initial websocket DDP call.
I was just chatting about this in the community Slack channel. There is some nuance here about how you arrive on the site, so it’s not just a blanket 7 days, but def seems like it could be a big problem.