I am developing a website that uses one's Google Account to log into the site. The site goes through the process of obtaining the OAuth2 token and logs the user in. However, after a short amount of time my site forgets the token in its session variables (PHP) and therefore logs the user out. I need to store the OAuth2 token for a longer period of time but I'm not sure where to store it securely. If I store an OAuth2 token in a Cookie does it open the site up to any security risks?