The complexity of the bookmarklet that directly stores data is that it can only store data in a cookie or in localStore, both of which "belong" to any page on which it is currently included. This means that it will not work again the next time you use it on another page, and also means that the page you are on can access data, which is usually very bad for security.
There are two main ways your situation usually handles it. Two main ways:
1.) The application used allows the user to log in with a cookie. Login information is not stored in a cookie; only session id. This happens when you return to many popular websites, you no longer need to log in. Very often, these types of bookmarks open a small pop-up window for the user containing the page from the application. If the user is not logged in, the application will first prompt the user to log in. This bookmarklet does not actually know anything about whether it was signed or not.
2.) Each bookmarklet is customizable for each person. Thus, my bookmarklet will be different from yours. The difference is simply that mine will contain my registration information in code, and yours will contain your registration information in code. In fact, each of us must first enter the application before we can get our own personalized bookmarklet.
As a rule, option 1 is better, simpler and safer.