Very newbie question but is this always true? "Another distinction is that sessionStorage will expire when you close the tab rather than when you close the browser" So I cannot use session tokens in the same way as (secured) cookies for letting the user e.g. logged in when all tabs closed?
There are two types of "web storage" that you could use for this, localStorage and sessionStorage. The former persists indefinitely, the latter is removed when the tab is closed.
If you wanted user tokens to persist past the current browser session, you'd use localStorage.
