Diffstat (limited to 'views')
-rw-r--r--views/archive/index.php10
-rw-r--r--views/authenticate.js23
-rw-r--r--views/global/router.php2
-rw-r--r--views/login/index.php2
-rw-r--r--views/logout/index.php8
-rw-r--r--views/newlist/index.php7
-rw-r--r--views/profile/authenticate.php3
7 files changed, 30 insertions, 25 deletions
diff --git a/views/archive/index.php b/views/archive/index.php
index ac6ada6..7de2dff 100644
--- a/views/archive/index.php
+++ b/views/archive/index.php
@@ -18,13 +18,8 @@
<form action="#" method="POST">
<input type="hidden" name="page_url" value="<?= $url ?>">
- <input id="token" type="hidden" name="token" value="">
<input type="submit" value="Archive Now!">
</form>
- <script type="text/javascript">
- const tokenInput = document.getElementById('token');
- tokenInput.value = sessionStorage.getItem('token');
- </script>
<!-- Button to add to list -->
<!-- Button to delete -->
@@ -61,12 +56,7 @@
<h2>"<?= $url ?>" hasn't been archived yet!</h2>
<form action="#" method="POST">
<input type="hidden" name="page_url" value="<?= $url ?>">
- <input id="token" type="hidden" name="token" value="">
<input type="submit" value="Archive Now!">
</form>
- <script type="text/javascript">
- const tokenInput = document.getElementById('token');
- tokenInput.value = sessionStorage.getItem('token');
- </script>
<?php endif; ?>
diff --git a/views/authenticate.js b/views/authenticate.js
index 8b158ce..398794a 100644
--- a/views/authenticate.js
+++ b/views/authenticate.js
@@ -1,3 +1,25 @@
+var cookieStorage = {
+ getItem: function(index) {
+ let cookies = document.cookie.split(';');
+ for (cookie of cookies) {
+ let values = cookie.trim().split('=');
+ if (values[0] === index) {
+ return values[1];
+ }
+ }
+ return undefined;
+ },
+ setItem: function(index, value, expires = 'Fri, 31 Dec 9999 23:59:59 GMT') {
+ let cookie = index + '=' + value + ';';
+ cookie += 'expires=' + expires + ';';
+ cookie += 'path=/';
+ document.cookie = cookie;
+ },
+ removeItem: function(index) {
+ cookieStorage.setItem(index, "", 'Thu, 01 Jan 1970 00:00:00 GMT');
+ },
+};
+
var authentication_response = null;
var authentication_callbacks = [];
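Review bot: `cookieStorage.setItem` writes the session token with no `Secure` or `SameSite` attribute and a default expiry in the year 9999, so a token that used to vanish with the tab now persists indefinitely and is attached to every request the browser makes to the site. In `getItem`, `for (cookie of cookies)` assigns an undeclared variable (an implicit global in sloppy mode, a ReferenceError in strict mode), and `split('=')` followed by `values[1]` truncates any value that itself contains `=`. I would declare the loop variable, split on the first `=` only, URL-encode the value on write and add the cookie attributes, as sketched below. `Secure` assumes the site is served over HTTPS only, and a much shorter default lifetime is worth considering.

```javascript
var cookieStorage = {
  getItem: function(index) {
    for (const cookie of document.cookie.split(';')) {
      const entry = cookie.trim();
      const sep = entry.indexOf('=');
      // Split on the first '=' only so values containing '=' are not truncated.
      if (sep !== -1 && entry.slice(0, sep) === index) {
        return decodeURIComponent(entry.slice(sep + 1));
      }
    }
    return undefined;
  },
  setItem: function(index, value, expires = 'Fri, 31 Dec 9999 23:59:59 GMT') {
    let cookie = index + '=' + encodeURIComponent(value) + ';';
    cookie += 'expires=' + expires + ';';
    cookie += 'path=/;';
    // Keep the token off cross-site subrequests and off plain HTTP.
    cookie += 'SameSite=Lax;Secure';
    document.cookie = cookie;
  },
  // … unchanged: removeItem …
};
```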
@@ -9,7 +31,6 @@ function requestAuthentication() {
authentication_response = (request.status == 200) ? request.responseText : "";
}
request.open("POST", "/authenticate", true);
- request.setRequestHeader("Authorization", sessionStorage.getItem("token"));
request.send(null);
}
requestAuthentication();
diff --git a/views/global/router.php b/views/global/router.php
index fa9348d..cd9b304 100644
--- a/views/global/router.php
+++ b/views/global/router.php
@@ -40,6 +40,8 @@ foreach (glob($MODELS_DIR . '/*.php') as $filename) {
require_once $filename;
}
+$TOKEN = (array_key_exists('token', $_COOKIE)) ? ($_COOKIE['token'] ?? "") : ("");
+
if (str_ends_with($view, '.php')) {
require_once $view;
}
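Review bot: `$TOKEN` is taken from `$_COOKIE['token']` without a type check, and PHP turns a cookie sent as `token[]=…` into an array, so a non-string can reach `Database\Cookie::fromDB($TOKEN)` in views/profile/authenticate.php. The `array_key_exists` test is also redundant next to `??`; `$TOKEN = is_string($_COOKIE['token'] ?? null) ? $_COOKIE['token'] : "";` covers both. Separately, requests now authenticate by an ambient cookie rather than the hidden `token` field or `Authorization` header this commit removes, so the POST and DELETE handlers appear to have no cross-site request forgery defence. A per-form CSRF token, or a `SameSite` attribute on the cookie, would restore one.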
diff --git a/views/login/index.php b/views/login/index.php
index 94faafe..da0d8e2 100644
--- a/views/login/index.php
+++ b/views/login/index.php
@@ -10,7 +10,7 @@
</span></p>
<?php else: ?>
<script type="text/javascript">
- sessionStorage.setItem("token", "<?= $token ?>");
+ cookieStorage.setItem("token", "<?= $token ?>");
window.location.href = "/";
</script>
<?php endif; ?>
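Review bot: The new line still prints `$token` straight into a JavaScript string literal, so a quote, backslash or `</script>` in the value would break out of the string; `cookieStorage.setItem("token", <?= json_encode($token) ?>);` emits a correctly escaped literal. Because the cookie is written from script it cannot carry `HttpOnly`, which leaves the session token readable by any script running on the page. Issuing it from the server with `setcookie()` and the `httponly`, `secure` and `samesite` options would avoid that, though the `cookieStorage.getItem('token')` checks in the logout and newlist views would then need another login signal.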
diff --git a/views/logout/index.php b/views/logout/index.php
index fc9af5a..87878ed 100644
--- a/views/logout/index.php
+++ b/views/logout/index.php
@@ -1,14 +1,11 @@
<h2>Logging you out...</h2>
<script type="text/javascript">
- if (!sessionStorage.getItem('token')) {
+ if (!cookieStorage.getItem('token')) {
window.location.href = '/';
}
function deleteToken(response) {
- let token = sessionStorage.getItem('token');
- sessionStorage.removeItem('token');
-
let request = new XMLHttpRequest();
request.onreadystatechange = function() {
if (request.readyState < 4) return;
@@ -16,8 +13,9 @@
window.location.href = '/';
}
request.open("DELETE", "#", true);
- request.setRequestHeader("Authorization", token);
request.send(null);
+
+ cookieStorage.removeItem('token');
}
authenticated(deleteToken);
</script>
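Review bot: `cookieStorage.removeItem('token')` runs right after `request.send(null)` on an asynchronous request, and the DELETE now relies on the browser attaching the cookie, so the token may already be gone when the request headers are assembled and the server-side session would then survive the logout. Moving the removal into the `onreadystatechange` handler, just before `window.location.href = '/';` once `readyState` is 4, removes the ordering dependency. The handler's body starts outside this hunk, so its status check is not visible here. Expiring the cookie from the server in the DELETE response would be more robust still.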
diff --git a/views/newlist/index.php b/views/newlist/index.php
index 289c9da..72ac7a3 100644
--- a/views/newlist/index.php
+++ b/views/newlist/index.php
@@ -1,5 +1,5 @@
<script type="text/javascript">
- if (!sessionStorage.getItem('token')) {
+ if (!cookieStorage.getItem('token')) {
window.location.href = '/login';
}
</script>
@@ -19,10 +19,5 @@
<input type="text" name="name" placeholder="List title" minlength="1">
<textarea name="description" placeholder="Description"></textarea>
- <input id="token" type="hidden" name="token" value="">
<input type="submit" value="Login">
</form>
-<script type="text/javascript">
- const tokenInput = document.getElementById('token');
- tokenInput.value = sessionStorage.getItem('token');
-</script>
diff --git a/views/profile/authenticate.php b/views/profile/authenticate.php
index afe1ca7..e4cf47e 100644
--- a/views/profile/authenticate.php
+++ b/views/profile/authenticate.php
@@ -9,8 +9,7 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
}
try {
- $headers = apache_request_headers();
- $user = Database\Cookie::fromDB($headers["Authorization"]);
+ $user = Database\Cookie::fromDB($TOKEN);
http_response_code(200);
header('Content-Type: text/plain');