The security is still implemented on the server. When you log in, most sites issue a cookie or otherwise store in the browser an authentication token. Subsequent requests provide that token so the server knows it’s still you. If the cookie is not persisted across tabs or browser sessions, every time you visit the site you must log in again (there are ways to make browsers do this if you really want to). If you didn’t allow even temporary client-side storage while on the page, most of the internet just wouldn’t work.
The security is still implemented on the server. When you log in, most sites issue a cookie or otherwise store in the browser an authentication token. Subsequent requests provide that token so the server knows it’s still you. If the cookie is not persisted across tabs or browser sessions, every time you visit the site you must log in again (there are ways to make browsers do this if you really want to). If you didn’t allow even temporary client-side storage while on the page, most of the internet just wouldn’t work.