Hey there!
I've been using Supabase for an enterprise-level project and I've enjoyed the convenience that it provides. To continue using it I need some clarity on a few things -
1. How does Supabase use cookies in a Next.js environment? I've been trying to check the "HttpOnly" attribute on the cookies (security concerns) but according to the docs, Supabase's client library needs constant access to these cookies for refreshing the auth tokens in the cookies. How do we manage this? The cookies become vulnerable to XSS attacks if this attribute is not on.
2. How do we decrease the expiry time on tokens using the dashboard? Each time I go to the dedicated option I'm redirected to the API settings page, is this a bug? Please clarify this ASAP. 😁
Here are the reproduction steps - Project settings -> Authentication -> Access token expiry -> and then I reach the API settings tab, why?

