Bearer token is not something you can pass from a web app. And you can definitely set up a mobile app to use cookies without any problems. We used to have fully native mobile apps that do that.
How is Russia related to anything? We're not based in Russia, if that's what you're implying. And it's not something specific to a country. All big tech companies, like Google, Microsoft, Facebook etc, allow regular users to generate keys and tokens for various services and apps. And I'm sure it's a very common practice in your local tech companies as well.
why Bearer token is not something you can pass from a web app ?
You are right about 2.
How do you pass it from a web app? Please provide an example.
There is some reason socket only supports cookie? I mean, it's about security concerns?
Another question, what is the lifetime of an session in the backend? ( with persistence and no persistence )
and the last one, why a normal user ( not admin ) has the ability to issue "Tokens" to me, it does not make much sense, or I missing something.
I would be very thankful if you can answer this questions. Thanks a lot for this amazing tool and sorry for these dumb questions, but I need this to understand better