I had a similar problem. I don't personally see anything bad in checking cookies and rewriting to a UI session, if possible. The server is still protected by the correct cookies.
In my case, however, I was not able to verify cookies through JS, as they were set as http-only. In the end, I had to go for the following solution:
When a user logs in successfully for the first time, create an instance of sessionStorage to indicate that there is an active session:
window.sessionStorage.setItem(sessionKey, stringifiedUserToken);
If the page refreshes, check this session item and re-register the active session:
const activeSession = window.sessionStorage.getItem(sessionKey);
if (activeSession) {
    // re-register the active session in the UI here
}
If the user logs out, destroy the storage token.
All interaction with the server still requires the cookie to be transmitted along with it, so this is exclusively an interface problem.
Session storage will be emptied at the end of the browser session, so this naive approach may not work for "persistent" sessions. It has really great browser support: http://caniuse.com/#search=sessionStorage
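The three steps described in the answer above (set on login, check on refresh, destroy on logout), put together as an added example that is not the answer author's code, with storage injected so it also runs outside a browser. The key name, the profile shape and the in-memory storage stand-in are assumptions; unlike the answer, it stores only display data rather than the token, because sessionStorage is readable by any script on the page, and it drops the marker when the server answers 401.

```javascript
const SESSION_KEY = "ui.activeSession"; // hypothetical key name

// In-memory stand-in for window.sessionStorage (constructed for this example).
function createMemoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
    removeItem: (k) => { data.delete(k); },
  };
}

function createUiSession(storage) {
  let user = null; // in-memory UI state, lost on every page refresh
  return {
    // Step 1: after a successful login, record display data only (no secrets).
    login(profile) {
      user = { name: profile.name };
      storage.setItem(SESSION_KEY, JSON.stringify(user));
    },
    // Step 2: on page load, re-register the session if the marker is present.
    restore() {
      const raw = storage.getItem(SESSION_KEY);
      if (!raw) return false;
      try {
        const parsed = JSON.parse(raw);
        if (typeof parsed.name !== "string") throw new Error("bad shape");
        user = { name: parsed.name };
        return true;
      } catch (e) {
        storage.removeItem(SESSION_KEY); // corrupted or tampered marker
        return false;
      }
    },
    // The http-only cookie stays authoritative: a 401 means the server-side
    // session is gone, so the UI marker is discarded as well.
    handleResponseStatus(status) {
      if (status === 401) this.logout();
      return user !== null;
    },
    // Step 3: logout destroys the stored marker.
    logout() {
      user = null;
      storage.removeItem(SESSION_KEY);
    },
    currentUser: () => user,
  };
}
```

In a browser, pass `window.sessionStorage` to `createUiSession` and call `restore()` once at startup.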