Is it secure to store user’s session id in localStorage? On w3.org site, they say:
"User agents must raise a SECURITY_ERR exception whenever any of the
members of a Storage object originally returned by the localStorage
attribute are accessed by scripts whose effective script origin is not
the same as the origin of the Document of the Window object on which
the localStorage attribute was accessed."
So does this mean localStorage could be used for sensitive data?
It depends upon what you mean by "is it secure"?
localStorage is about as secure as a non-path restricted cookie. From web pages, it can only be accessed by pages from the same domain. Zillions of sites store session ids in cookies which have about the same security restrictions as localStorage. Outside of web pages, neither localStorage nor cookies are secure at all from access by other programs or even web debugging tools running on the same computer.
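The scoping rules compared above, as an added example that is not part of the original question or answer: it models which pages can reach a value in localStorage (same origin: scheme, host and port) and which requests carry a cookie with no path restriction (RFC 6265 domain and path matching). The function names and the `example.test` hostnames are constructed for illustration, and the code is a model that does not touch a real browser.

```javascript
// Added illustration; hostnames are constructed sample values.

// localStorage is partitioned by origin: scheme + host + port.
function canReadLocalStorage(writerUrl, readerUrl) {
  return new URL(writerUrl).origin === new URL(readerUrl).origin;
}

// Cookie matching (RFC 6265): host and path decide; the port is ignored,
// and without further attributes the scheme is ignored as well.
// cookie = { domain, hostOnly, path }; hostOnly means no Domain attribute was set.
function cookieSentTo(cookie, url) {
  const u = new URL(url);
  const host = u.hostname;
  const domainOk = cookie.hostOnly
    ? host === cookie.domain
    : host === cookie.domain || host.endsWith("." + cookie.domain);
  const p = cookie.path;
  const reqPath = u.pathname;
  const pathOk =
    reqPath === p ||
    (reqPath.startsWith(p) && (p.endsWith("/") || reqPath[p.length] === "/"));
  return domainOk && pathOk;
}

// Side-by-side view for a list of pages that try to reach the session id.
function compareScopes(writerUrl, cookie, readerUrls) {
  return readerUrls.map((url) => ({
    url,
    localStorage: canReadLocalStorage(writerUrl, url),
    cookie: cookieSentTo(cookie, url),
  }));
}

const writer = "https://app.example.test/account";
// The "non-path restricted cookie" from the answer: Path=/ and no Domain attribute.
const sessionCookie = { domain: "app.example.test", hostOnly: true, path: "/" };
const readers = [
  "https://app.example.test/other/page", // same origin
  "http://app.example.test/",            // different scheme
  "https://app.example.test:8443/",      // different port
  "https://other.example.test/",         // different host
];
console.table(compareScopes(writer, sessionCookie, readers));
```

In this model the cookie reaches the same host on another scheme or port while localStorage does not, and a cookie set with a Domain attribute (`hostOnly: false`) also reaches sibling subdomains.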