Client-side sessions (stateless sessions) - Client Side Data


About

Client-side sessions (stateless sessions) are sessions whose data is stored on the client (generally in browser storage such as a cookie) and sent back to the server with every request.

Client-side data is subject to tampering: the client controls every byte it holds. The backend must therefore validate it with great care before trusting any of it.

A stateless mechanism means that the user state is never saved in server memory; the server only keeps the secret key needed to verify (and, where used, decrypt) what the client sends back.

Operation

Sign

To protect the contents of a client-side session, you can sign it:

  • to validate the data against tampering
  • to authenticate the origin

Most of the time sessions are only signed, not encrypted, because the data they carry raises no security or privacy concern when it is read by a third party. A signature provides integrity and origin authentication only: anyone holding the token can still decode and read its payload. The backend must reject a token whose signature does not verify (using a constant-time comparison) before it uses any field of the payload.

Encryption

A third party (for example a client-side script running in the page) can read client-side data stored in an unencrypted JWT: a signed-only JWT (JWS) protects its payload against tampering, but that payload is merely base64url-encoded, not encrypted.

Client-side data that may raise privacy concerns must not be left unencrypted (example: the user's shopping cart). Using an authenticated encryption mode (such as AES-GCM) gives confidentiality and tamper detection in one step, so a separate signature is not needed.
