2
      `$(function rememberMe() {

        if (localStorage.chkbx && localStorage.chkbx != '') {
            $('#remember-me').attr('checked', 'checked');
            $('#user').val(localStorage.usrname);
            $('#pass').val(localStorage.pass);
        } else {
            $('#remember-me').removeAttr('checked');
            $('#user').val('');
            $('#pass').val('');
        }

        $('#remember-me').click(function() {

            if ($('#remember-me').is(':checked')) {
                localStorage.usrname = $('#user').val();
                localStorage.pass = $('#pass').val();
                localStorage.chkbx = $('#remember-me').val();
            } else {
                localStorage.usrname = '';
                localStorage.pass = '';
                localStorage.chkbx = '';
            }
        });
    });

I have used local storage to implement "remember me " functionality on login page, but I have doubt how secure it is . I am storing password in local storage but i want to use better option .Encryption wont help as i have to send script for decryption on client side . Is there any alternative??

Pranesh
  • 71
  • 1
  • 1
  • 11
  • What kind of security are you worried about - what are you storing in local storage? – Ted Nyberg Apr 05 '16 at 06:45
  • 3
    `localStorage` .. _use it - don't abuse it.._ It is stored in the users web browser and is highly insecure for your purpose. It works well for example maintaining state of an interface for the user. You should go for a back-end solution presumably a token based auth. – urbz Apr 05 '16 at 06:47
  • @urbz . I need to give ajax call wherever redirecting from login page to get password. – Pranesh Apr 05 '16 at 07:00

2 Answers2

6

Do not store the password. Do a hash-encryption on the server side and store a cookie (localstorage or whatever) on the browser, better if you serve it over https. Always do the encryption/decryption server side.

You can see a great explanation on how to do it securely and following best practices in this stackoverflow answers:

What is the best way to implement "remember me" for a website?

The definitive guide to form-based website authentication

Wherever it says cookie you can place localstorage instead.

Community
  • 1
  • 1
Astaroth
  • 763
  • 6
  • 25
2

Never storage password in local storage.

  1. Make an authentication,
  2. Create session key and store this key in SQL,
  3. Save session key in user storage,
  4. Restore session by session key,
  5. If user relogin, create a new session key.
Eliasz Kubala
  • 3,836
  • 1
  • 23
  • 28