Until now the output from all inputs, access tokens for authentication and conditionals were saved in cookies in the project that I started working on, so that they are easily accessible at the end of the form to create a ticket. In theory this is a risk, as the user could just adjust the values saved in the cookies. Local storage would not be an option as the values are not deleted after a while. Session storage would serve in a similar way as cookies, as far as I understand, but the values could still be adjusted.
In which cases do I want to use cookies for my values and when to keep them only in the code logic? As I did not make the decision to save everything in the cookies and I haven't found an answer yet, perhaps there are some best practices to follow.