
How to save a discord login after website refresh?


Alright, so I'm creating a dashboard for my Discord bot. I've created a login feature that's using Discord's API to get the personal information, using the identify scope. However, I want to be able to refresh the page without having to log in again.

I tried using localStorage, and while it works, it gives you access to log in as anyone since you can modify the values of it using devtools. My second thought is to store the IP along with the user in a database, and even though it would work, is it the best approach?


Solution

  • You need to store something that the user can use to prove to the server that they are logged in as a particular user.

    It sounds like you are storing the username, which clearly isn't evidence that they are that user.

    A popular approach these days is to use a JWT which uses cryptography to prove that the username stored in it was put there by the server and not by the user (because the user wouldn't have the key to sign it with).
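The signing idea from the answer above, as an added example that is not part of the original answer: a server-side HS256 token that is issued after the Discord login and checked on every request, so a payload edited in devtools no longer verifies. The key name `SERVER_KEY`, the claim names, the one-hour lifetime and the `tamper` helper are assumptions made for the illustration.

```javascript
// Added example: minimal HS256 JWT sign/verify using only Node's built-in crypto.
const { createHmac, timingSafeEqual } = require('node:crypto');

// Assumption: constructed demo key. A real key lives in server-side config only.
const SERVER_KEY = 'constructed-demo-key-not-for-production';

const b64url = (text) => Buffer.from(text).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const hmac = (data, key) => createHmac('sha256', key).update(data).digest();

// Server side: called once the Discord identify request has succeeded.
function signToken(claims, key, nowSec = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: nowSec, exp: nowSec + 3600 }));
  const sig = hmac(`${header}.${payload}`, key).toString('base64url');
  return `${header}.${payload}.${sig}`;
}

// Server side: called on every request. Returns the claims, or null if untrusted.
function verifyToken(token, key, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    // Pin the algorithm instead of trusting whatever the header claims.
    if (decode(header).alg !== 'HS256') return null;
    const expected = hmac(`${header}.${payload}`, key);
    const given = Buffer.from(sig, 'base64url');
    // Constant-time comparison; the length check keeps timingSafeEqual from throwing.
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = decode(payload);
    if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// What editing the stored value in devtools amounts to:
// the payload is replaced while the old signature is kept.
function tamper(token, newClaims) {
  const [header, , sig] = token.split('.');
  return `${header}.${b64url(JSON.stringify(newClaims))}.${sig}`;
}
```

The browser only stores and returns the token string; the server trusts the claims only after `verifyToken` succeeds. In production a maintained JWT library would normally replace these hand-written functions.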