I would have liked to know what the difference is between LocalStorage and SessionStorage. Also, in the context of authentication, what should be used? Because the user can view and change the content of SessionStorage and LocalStorage in the browser.
- Possible duplicate of https://stackoverflow.com/questions/19867599/what-is-the-difference-between-localstorage-sessionstorage-session-and-cookies?noredirect=1&lq=1 – Gabriel Ferrarini Dec 17 '18 at 16:22
- Possible duplicate of [HTML5 Local storage vs. Session storage](https://stackoverflow.com/questions/5523140/html5-local-storage-vs-session-storage) – ponury-kostek Dec 17 '18 at 16:22
- As you already know that user can change and view the above storage, you are not supposed to use either of the above. Also, for the difference between local and session, consider searching it online. – Mr. Alien Dec 17 '18 at 16:23
- What should be used if LocalStorage and SessionStorage are not to be taken – dna Dec 17 '18 at 16:28
- First understand what's client side vs server side. Secondly, use a backend technology like nodejs, php, rails etc. and authenticate users from server side rather than the client side – Mr. Alien Dec 17 '18 at 16:31
- So what is the solution to store the Token sent back by my backend side front? – dna Dec 17 '18 at 16:47
2 Answers
Session Storage is deleted as soon as the browser tab in question is closed. Local Storage exists until deleted or it hits its expiration (usually a very long time). Neither should be used for Authentication unless you don't have any private data being thrown around. If it's more of a pet product to keep track of someone being logged in, Local would be the better of the two.
https://www.quora.com/What-is-the-difference-between-sessionstorage-localstorage-and-Cookies

- That's what I meant, as in the Window object but thank you for that. Specifics matter and I've changed it. – adr5240 Dec 17 '18 at 16:40
Cookies, session and local storage serve different purposes. Cookies are primarily for reading server-side, local/session storage can only be read by the client-side. In your app, who needs this data — the client or the server?
If it's your client (your JavaScript), then by all means switch. You're wasting bandwidth by sending all the data in each HTTP header.
If it's your server, local storage isn't so useful because you'd have to forward the data along somehow (with Ajax or hidden form fields or something). This might be okay if the server only needs a small subset of the total data for each request.
LocalStorage is an implementation of the Storage Interface. It stores data with no expiration date, and gets cleared only through JavaScript, or clearing the Browser Cache / Locally Stored Data - unlike cookie expiry.

- I have an application with a React client that calls a backend Spring. My application manages the authentication part. I have a login form and the backend sends me a Token that I send in header to every backend call to find out whether or not the user has the right to call this api – dna Dec 17 '18 at 17:02
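
The concern running through this thread (the user can view and change whatever sits in LocalStorage or SessionStorage, so the decision has to be made on the server) is shown here as an added example that is not part of the original thread: the server authenticates the token with an HMAC and re-checks it on every call, so a copy edited in the browser is rejected. The token format, the function names and the in-memory secret are assumptions for illustration; the asker's backend is Spring and its real token scheme does not appear on the page.

```javascript
// Added example (Node.js, built-in crypto only); names and token layout are hypothetical.
const crypto = require('node:crypto');

// Assumption: a secret known only to the server, never shipped to the client.
const SERVER_SECRET = crypto.randomBytes(32);

const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SERVER_SECRET).update(data).digest();

// Issued once, after the login form has been checked server-side.
function issueToken(user, role, ttlSeconds, now = Date.now()) {
  const payload = b64url(JSON.stringify({ user, role, exp: now + ttlSeconds * 1000 }));
  return `${payload}.${b64url(sign(payload))}`;
}

// Run on every API call against the token taken from the request header.
// Returns the claims, or null if the token is malformed, modified or expired.
function verifyToken(token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = sign(payload);
  const given = Buffer.from(mac, 'base64url');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
  return claims;
}

// Constructed test input: the stored value after its role claim was edited in the browser.
function withEditedRole(token, role) {
  const [payload, mac] = token.split('.');
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  return `${b64url(JSON.stringify({ ...claims, role }))}.${mac}`;
}

const sample = issueToken('alice', 'user', 900); // constructed sample user
console.log('untouched token:', verifyToken(sample));
console.log('edited token:   ', verifyToken(withEditedRole(sample, 'admin')));
```

Integrity checking of this kind only stops modification; the token remains readable to any script running on the page.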