PHP

How to implement authorization and background data retrieval in a browser extension?

Good afternoon, there is an extension for Chrome with authorization / registration capabilities and background data retrieval from the server.
Authorization
At the moment, the authorization algorithm is implemented as follows:
1. Data from the form is sent to the server and checked for validity.
2. If the data is correct, then the server returns a token (encrypted user login).
3. The token is stored in the browser's localstorage and serves as a login ID.
Question: is this algorithm safe? Can a user change data in localstorage? Are there any better authorization methods in a browser extension?
Background data acquisition
The extension must constantly receive fresh data from the server. At the moment, this mechanism is written using SSE.
1. Sessions are recorded during authorization.
2. Using sessions and SSE, the server sends the necessary data.
When sessions die, the client will stop receiving data from the server.
Question: are there any better methods for constantly background receiving data from the server other than (setinterval() and websocket)?