Discussion of Please Stop Using Local Storage

Local storage shouldn't be used to store sensitive data. It's unsafe!. Tagged with programming, security, javascript.

Storing a JWT in the cookies is perfectly OK and it has the advantage of not needing custom JS code to pass it to each HTTP request to your backend.

The article seems to put forward two seemingly separate arguments, that localStorage is not a good API and that localStorage is insecure.

localStorage had not been updated with this feature and there are no discussions around it happening in the future. Common security ...

Local storage is protected by the origin access policy. If that is compromised by XSS, it doesn't matter how or where the data is stored; it's ...

... using JS and localstorage. Interesting read if u have time- https://dev.to/rdegges/please-stop-using-local-storage-1i04. Upvote 1. Downvote

Understanding the security risks of localStorage and what to use instead for tokens, secrets, and sensitive user data.

Usability. The user will not know if you are using localStorage or a cookie. If a user disable cookies, localStorage will not work either.

If an attacker can run JavaScript on your website, they can retrieve all the data you've stored in local storage and send it off to their own domain.

... localStorage & where to store sensitive data take a look on this article. https://www.rdegges.com/2018/please-stop-using-local-storage/.

Let's start with the basics: local storage is a new feature of HTML5 that basically allows you (a web developer) to store any information ...

I came across this article that is attempting to stop developers from using local storage unless absolutely necessary for security reasons.

I've been developing single-page web-apps for a while now, and it's gotten into my habit to use LocalStorage to store JWTs.

I posted before in a similar discussion somewhere. The local ... Randall Degges - Please Stop Using Local Storage. Stop using local ...

To see why its bad practice this article presents a summary. https://dev.to/rdegges/please-stop-using-local-storage-1i04 · https://github.com ...

... avoid using localStorage to store the JWT and instead to rely on cookies. https://www.rdegges.com/2018/please-stop-using-local-storage/ Thanks.

Now, I'd like to use localStorage to avoid redundant calculations and server requests. However, according to the HTML5 spec, local storage is ...

... discussion here. JWTs are stored in localStorage, but according to this article (Randall Degges - Please Stop Using Local Storage), … I ...

I am wondering if I am wrong thinking like this or if nonsense like https://dev.to/rdegges/please-stop-using-local-storage-1i04 needs to die. TL ...

localStorage.clear();. Note: Please refer to the Using the Web Storage API article for a full example. Specifications. Specification. HTML ...