Lost data stored in localStorage issue

Question

I have a token stored in localStorage, I have also a method that verifies if the token is correct or not, as you can see in this code:

let token = localStorage.getItem('token');
console.log(token);

if ( !token )
{
    return null;
}

const parts = token.split('.');

if ( parts.length !== 3 )
{
    throw new Error('error');
}
....

if the token is undefined I will return null, else continue the verification.

There are two issues I can't understand:

Why did I lose the token from the localStorage when I refresh the page
Why does the if ( !token ) return false when token is undefined, the first console.log return undefined, but my method continues to const parts = token.split('.');.

Do check that you have not stored `undefined` string as the value of localStorage — Ashish, Jan 02 '22 at 20:23
You should consider verification "Failed" by default. And only make it successful when verification passed. — Vlad DX, Jan 02 '22 at 20:23
And you shouldn't store tokens in local storage. It's a security issue. — Vlad DX, Jan 02 '22 at 20:24
@Ashish no I stored the token in the local storage, when I don't refresh the page the token is logged correctly, but when I refresh the page I get undefined — Doesn't Matter, Jan 02 '22 at 20:26
@VladDX ok, let us not talk about the localstorage, but why `if (!token)` return false when the token is undefined! — Doesn't Matter, Jan 02 '22 at 20:28
@Doesn'tMatter because empty string, null or undefined will return false — Sayf-Eddine, Jan 02 '22 at 20:36
Are you sure your key is named token ? `localStorage.setItem('token', yourdata); ` — Sayf-Eddine, Jan 02 '22 at 20:37
@Sayf-Eddine Just for curiosity, I tried `console.log('token: ' + token + ' - ' + (token === undefined || token === '' || token === null));` and it returns `token: undefined - false` — Doesn't Matter, Jan 02 '22 at 20:41
@Sayf-Eddine and yes I use `set token(token: string) { localStorage.setItem('token', token); }` — Doesn't Matter, Jan 02 '22 at 20:43

score 2 · Accepted Answer · answered Jan 02 '22 at 20:41

2

Local storage work only with strings.

MDN: Window.localStorage

The keys and the values stored with localStorage are always in the UTF-16 DOMString format, which uses two bytes per character. As with objects, integer keys are automatically converted to strings.

https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage

So, every value is serialized as a string.

localStorage.setItem('token', undefined);
let token = localStorage.getItem('token');
console.log(token);
console.log(typeof(token));

Prints out in the console:

undefined
string

Conclusions:

Don't store null and undefined in Local Storage.
When validating the value from Local Storage, always treat it as a string value.

Notes:

Validation should return false by default. And only in case of success should return true.
You shouldn't store any tokens in Local Storage, it's not secure.
You shouldn't validate anything on a client as the validation logic can be easily manipulated.

answered Jan 02 '22 at 20:41

Vlad DX

4,200
19
28

Ok, I will follow these steps, I want the last thing, what is the best practice to store tokens then? – Doesn't Matter Jan 02 '22 at 20:47
@Doesn'tMatter here you can see https://blog.logrocket.com/jwt-authentication-best-practices/#store-jwts-securely – Sayf-Eddine Jan 02 '22 at 20:52
1

For the future, I followed my code, and effectively, I found: when I refresh the page I refresh the token, and here I set undefined instead of the correct value, thank you for your answer I appreciate it – Doesn't Matter Jan 02 '22 at 20:59
@Doesn'tMatter, check out my SO answer: https://stackoverflow.com/questions/57650692/where-to-store-the-refresh-token-on-the-client/57826596#57826596 – Vlad DX Jan 02 '22 at 21:20

Lost data stored in localStorage issue

1 Answers1