Keep their values in a webstorage entry, and eliminate the last usage of cookies.
That will also remove the need for the secret_key config value.