Hi everybody! First I apologise if my English is not the best. It's not my native language.

This is my first post, it's 3 am and I cannot sleep thinking in what's could be the best practices for a JavaScript front end application to authenticate the user?

I'm building a PHP (Laravel) backend REST API to be consumed by a Vuejs + vuex app. I added authentication using Laravel passport and when user login the vue app request for an access token using the user credentials. Then store the token in a vuex store. Here all works fine, but if I make a full reload to the page, the vuex store it's initialized and the access token must be requested again.

My question is, can I store the access token in the local storage to keep the user logged in even though reload page? Of course if I can do this I will manage expiration time for token, but...

It's this secure?

It's suppose an API must be stateless, so there is no reason to use server session and should not use Cookie's, right? If I can how to read token from cookie using JavaScript??

Any help would be great!