VS Code Server web: GitHub auth tokens lost on page refresh/folder switch (in-memory only)

[mutl3y]

Description

When using VS Code Server (server-linux-x64-web) accessed via a browser, GitHub authentication tokens (Copilot, git operations) are stored in-memory only and lost whenever the page is refreshed or a different folder is opened.

Root Cause

In src/vs/code/browser/workbench/workbench.ts (line 619-621), the secretStorageProvider is set to undefined when remoteAuthority is set and the vscode-secret-key-path cookie is missing:

secretStorageProvider: config.remoteAuthority && !secretStorageKeyPath
    ? undefined /* with a remote without embedder-preferred storage, store on the remote */
    : new LocalStorageSecretStorageProvider(secretStorageCrypto),

The vscode-secret-key-path cookie is only set by the CLI (cli/src/commands/serve_web.rs), not by the server (src/vs/server/node/webClientServer.ts). So when using the server binary directly, the cookie is never set → secretStorageProvider is undefined → BrowserSecretStorageService falls back to super(true, ...) → in-memory only.

Impact

• Copilot requires re-authentication after every page refresh or folder switch
• GitHub authentication for git operations is lost
• Any extension using SecretStorage API loses its data

Proposed Fix

Always use LocalStorageSecretStorageProvider which persists encrypted secrets in VS Code Server web context stores encrypted secrets in the browser's localStorage:

secretStorageProvider: new LocalStorageSecretStorageProvider(secretStorageCrypto),

Steps to Reproduce

1. Start VS Code Server: code-server --host 0.0.0.0 --port 8443
2. Open in browser, sign in to GitHub via VS Code accounts menu
3. Copilot works
4. Refresh the page or open a different folder
5. Copilot prompts for re-authentication

Environment

• VS Code Server server-linux-x64-web (latest stable)
• Browser: any (Chrome, Firefox, Edge)
• OS: Linux